Portal Authentication Options for Multiple Domains and RADIUS

  • Question

  • Hi

    I have created a portal with 2 domains that can authenticate to access published apps.  The end user gets a drop down list presented and they just choose the domain they authenticate against.  This is all good.  

    However now, I need to bring in a 2 factor solution.  This presents the user with a field to enter their PIN code in to authenticate as well as their domain credentials.  When I set this up with one domain it is fine.  Under the specific trunk's authentication tab I select:

    'Users authenticate to Each Server' and

    'Authenticate to each server with the same username'

    If I try different options then I either get a pull down list where I can only select one of the domains or the RADIUS server or the other option I get is that I get fields presented to log on to both domains and the RADIUS server.  As a user only belongs to one domain this does not work.

    So is it possible to be presented with the username field, the choose-the-domain pull down list field and also authentication for the PIN code for the RADIUS server?  I am not sure there is but thought I would ask.

    Thanks 

    Wednesday, December 5, 2012 5:57 PM

All replies

  • No, not natively :(

    Jason Jones | Microsoft MVP | Silversands Ltd | My Blogs: http://blog.msedge.org.uk and http://blog.msfirewall.org.uk

    Wednesday, December 5, 2012 10:11 PM
  • There's a lot about your working configuration that we don't know, but given that you're working with a single trunk, a lot of the flexibility with what you can do on the UAG side will also be governed by the flexibility that the 2FA solution provides. You can either expose the user storage directly via UAG or through the 2FA provider, and if that provider supports other logon mechanisms besides two-factor then you can perhaps move the problem to them. Given that RADIUS is a starting point for the majority of 2FA solutions, perhaps you might look at using a RADIUS proxy as an authentication proxy in between to make the appropriate routing decisions for authentication. 

    Sorry if that sounds cryptic, and while it would be easier to say yes, go here for a solution that meets your requirements, I'm not one for espousing solutions on public forums.... There are cheap solutions out there that can do that sort of thing though.

    Regards,

    Mylo

    Saturday, December 15, 2012 10:37 PM
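
The routing decision a RADIUS proxy would make for the two-domain case discussed in this thread, sketched as an added example; it is not code from any poster or from UAG or a 2FA product. It parses an Access-Request (RFC 2865), reads the realm from the User-Name attribute, and fails closed on unknown realms or malformed packets. Assumptions: the domain reaches the proxy inside User-Name, and the realm names `DOMAINA`/`DOMAINB`, the upstream addresses and the helper names are all constructed placeholders.

```python
import struct

ACCESS_REQUEST, ATTR_USER_NAME = 1, 1  # RFC 2865 code and attribute type
# Hypothetical realm -> upstream map (constructed names, documentation addresses).
UPSTREAMS = {"DOMAINA": ("192.0.2.10", 1812), "DOMAINB": ("192.0.2.20", 1812)}

def parse_attributes(packet: bytes) -> dict:
    """Validate the RADIUS header and return {attr_type: [values]}."""
    if len(packet) < 20:
        raise ValueError("shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_REQUEST or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Request")
    attrs, pos = {}, 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad attribute length")
        attrs.setdefault(a_type, []).append(packet[pos + 2:pos + a_len])
        pos += a_len
    return attrs

def split_realm(user_name: str):
    """Accept DOMAIN\\user or user@domain; return (REALM, user) or (None, name)."""
    if "\\" in user_name:
        realm, user = user_name.split("\\", 1)
    elif "@" in user_name:
        user, realm = user_name.rsplit("@", 1)
    else:
        return None, user_name
    return realm.upper(), user

def route(packet: bytes):
    """Return the upstream (host, port) for a request; None means reject."""
    names = parse_attributes(packet).get(ATTR_USER_NAME, [])
    if len(names) != 1:  # missing or duplicated User-Name: fail closed
        return None
    realm, _user = split_realm(names[0].decode("utf-8", "replace"))
    return UPSTREAMS.get(realm)

def build_request(user_name: str) -> bytes:
    """Constructed sample Access-Request carrying only a User-Name attribute."""
    value = user_name.encode()
    attr = bytes([ATTR_USER_NAME, len(value) + 2]) + value
    return struct.pack("!BBH", ACCESS_REQUEST, 7, 20 + len(attr)) + bytes(16) + attr
```

Forwarding the request, shared-secret handling and validating the reply are left out; only the per-request routing choice is shown.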