How can I get the user to type username, password and OTP when using RSA Radius 8,1 on Global Protect?


L3 Networker

Hi,

 

How can I get the user to type username, password and OTP when using RSA Radius 8,1 on Global Protect?

 

 

Portal = Radius (RSA) passes -> LDAP check

 

Thanks

3 REPLIES

L7 Applicator

@junior_r

This sounds more like an issue on your RSA RADIUS server, as what the authentication flow looks like depends on the configuration of that server.

From my own experience I know two types of authentication flows:

  1. User enters username and, in the password field, his OTP and also the password. This way the RADIUS server is able to check all login factors at once and returns access-accept or access-reject.
  2. User enters username and password and clicks login. Then the RADIUS server checks these credentials and, if they are correct, sends a RADIUS access-challenge packet to the firewall, which then displays a new input field for the OTP.
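
The two flows described in the reply above, modeled as an added example that is not part of the original thread: a toy server and a firewall-side login loop using the RFC 2865 packet codes and the User-Name, User-Password, State and Reply-Message attributes. The sample account, the password-followed-by-OTP layout of the combined field, and the names `ToyRadiusServer` and `login` are assumptions for illustration; this is not RSA or GlobalProtect code.

```python
import hmac
import secrets

# RADIUS packet codes from RFC 2865.
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 1, 2, 3, 11

# Constructed sample account; a real server asks a directory and a token service.
USERS = {"alice": {"password": "S3cret!", "otp": "492817"}}


def same(a, b):
    return hmac.compare_digest(a.encode(), b.encode())  # constant-time compare


class ToyRadiusServer:
    def __init__(self, combined):
        self.combined = combined  # True: flow 1, False: flow 2
        self.pending = {}         # State value -> user who passed the password check

    def handle(self, req):
        name, secret = req["User-Name"], req["User-Password"]
        user = USERS.get(name)
        if user is None:
            return {"code": ACCESS_REJECT}
        if "State" in req:  # flow 2, second round: User-Password carries the OTP
            ok = self.pending.pop(req["State"], None) == name and same(secret, user["otp"])
        elif self.combined:  # flow 1: assumed layout is password followed by OTP
            ok = same(secret, user["password"] + user["otp"])
        elif same(secret, user["password"]):  # flow 2, first round
            state = secrets.token_hex(8)
            self.pending[state] = name
            return {"code": ACCESS_CHALLENGE, "State": state, "Reply-Message": "Enter OTP"}
        else:
            ok = False
        return {"code": ACCESS_ACCEPT if ok else ACCESS_REJECT}


def login(server, name, first_field, ask_otp=None):
    """Firewall side: returns (final packet code, number of input prompts shown)."""
    reply = server.handle({"code": ACCESS_REQUEST, "User-Name": name, "User-Password": first_field})
    prompts = 1
    if reply["code"] == ACCESS_CHALLENGE:
        prompts += 1  # the extra OTP field appears only after a challenge
        otp = ask_otp(reply["Reply-Message"])
        reply = server.handle({"code": ACCESS_REQUEST, "User-Name": name,
                               "User-Password": otp, "State": reply["State"]})
    return reply["code"], prompts


if __name__ == "__main__":
    print(login(ToyRadiusServer(combined=True), "alice", "S3cret!492817"))
    print(login(ToyRadiusServer(combined=False), "alice", "S3cret!", lambda msg: "492817"))
```

The State value is consumed on first use, so a captured second-round request cannot be replayed against the same challenge.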

Cyber Elite

Hello,

The way I achieved this in the past was to use different authentication methods for Portal and Gateway. I would use the Portal Radius for OTP and then LDAP for the Gateway.

 

Hope that helps.

@OtakarKlier

For something like this there is also the way to configure authentication cookies. So you could configure the same RADIUS profile on the gateway without degrading the security with an authentication profile without OTP on the gateway.
