2 authentication schemes to one trunk?

  • Question

  • We have an HTTPS trunk where we have successfully configured it to authenticate to AD and to our 2 factor OTP service through RADIUS, where one login form contains the prompt for the AD username, AD password and the 2 factor one-time-password from the token.

    When we have implemented this with other reverse-proxy solutions, we have provided an option where if the user has lost their token or otherwise cannot provide their token response, they can go to a separate login page which prompts for the AD Username and AD password, then a background process looks up the user's mobile phone number and sends an SMS to their cellphone with a single use one-time-password. During this process (where the user enters their username and password), the web page provided is simply a static page to instruct the user that they need to close the browser and enter their three credentials (AD Username, AD Password and OTP) in the main login page.

    To achieve this, I would need to configure some page that will prompt for just username and password - but I don't seem to be able to achieve this.

    Any idea how I can have two authentication schemes in the same trunk?

    Wednesday, June 22, 2011 5:14 AM

Answers

  • Hi Christian,

    Perhaps you can create a dedicated trunk to publish this static page (without detection script, authentication...). You can then create a custom login page for the first trunk, and add a link to the new trunk to allow users to recover their token if missing.


    Olivier Detilleux - Service Line Manager | Core Infrastructure Department - vNext http://www.vnext.fr - http://myitforum.com/cs2/blogs/forefrontsecurity/
    • Marked as answer by Erez Benari Friday, August 26, 2011 11:52 PM
    Thursday, June 23, 2011 8:38 AM