mengler_136249
Aug 05, 2016Nimbostratus
APM - RADIUS Variables
We have a APM profile that runs our VPN. Currently, the users input the SAMAccountName into the username field, and then in the password field, the combine their 2 factor token and their password. We...
- Aug 05, 2016
Unfortunately all authentication Policy items (AD auth, RADIUS auth, LDAP, securid auth) assume that:
- The source of the username is "session.logon.last.username"
- The source of the password is "session.logon.last.password"
- The source of the password is encrypted
So in order to do any 2-factor authentication you have to:
- collect the token, username, and password together in the logon page
- make sure your token code is in session.logon.last.password (use a variable assign)
- do the token auth
- make sure your password is in session.logon.last.password (use a variable assign)
- do the password auth
- make sure the SSO variables are mapped to the password auth
We do have an enhancement request ID400742 to allow for a user-defined tokencode source for RADIUS, which eliminates the variable assign step(s) (1-2 depending on how your access policy is set up). If you think this would be helpful, you can feel free to open a support ticket to request this functionality. Provide the ID number in the ticket.