JEA Multifactor setup

  • Question

  • Hi,

    In a test lab I've set up a JEA endpoint. Inside the endpoint I have several functions. I would like to achieve multifactor with OTP. I have an OTP server in place which has a useful REST API.

    When I connect to the JEA endpoint and run the function New-SecretItem, the function looks for the variable $MfaAuthenticated. If the variable is NOT set to $true the function will throw an exception and exit. If $MfaAuthenticated equals $true it will continue. My code examples are below. The JEA endpoint is set to RestrictedRemoteServer. I have tried to find ways to set $MfaAuthenticated outside my function Set-MFA, but have not succeeded.

    Is this a secure solution? Are there ways to bypass this?

            
    Function New-SecretItem
    {
        param
        (
            [Parameter(Mandatory = $true)]
            [System.String]$Name
        )

        # Refuse to run unless Set-MFA has marked this session as authenticated
        If ($MfaAuthenticated -ne $true)
        {
            Throw "Access denied, not 2FA authenticated"
        }
    }

    Function Set-MFA
    {
        param
        (
            [Parameter(Mandatory = $true)]
            [System.String]$Name
        )

        #The code for the REST API (sets $OTPResponse)

        If ($OTPResponse -eq 1)
        {
            $global:MfaAuthenticated = $true
        }
        Else
        {
            #Access Denied
            # Clear the flag when the OTP check fails
            $global:MfaAuthenticated = $false
            Throw "Access denied!"
        }
    }


    Tuesday, January 14, 2020 8:12 PM
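
A variant of the gate described in the post, as an added example that is not the poster's code: the MFA state is kept in the module's script scope instead of $global:, it expires, and every check fails closed. Assert-Mfa, Test-OtpCode, the -Code parameter, the 10-minute lifetime and the sample code value are assumptions made for illustration. The state is module-private only when the code is loaded as a module by the JEA role capability.

```powershell
# Added example, not the poster's code. Meant for the module (.psm1) behind the
# JEA role capability, with only Set-MFA and New-SecretItem made visible.
$script:MfaVerifiedAt = $null                        # module scope, not $global:
$script:MfaLifetime   = [timespan]::FromMinutes(10)  # assumed validity window

function Test-OtpCode {
    # Hypothetical placeholder for the OTP server's REST call. Replace the body
    # with Invoke-RestMethod and return $true only on an explicit success.
    param([Parameter(Mandatory = $true)][string]$Code)
    return ($Code -ceq '000000')   # constructed value so the example runs offline
}

function Assert-Mfa {
    # Fail closed: only a [datetime] stamp younger than the lifetime passes.
    $stamp = $script:MfaVerifiedAt
    if ($stamp -isnot [datetime] -or
        ([datetime]::UtcNow - $stamp) -gt $script:MfaLifetime) {
        $script:MfaVerifiedAt = $null
        throw 'Access denied, not 2FA authenticated'
    }
}

function Set-MFA {
    param([Parameter(Mandatory = $true)][string]$Code)
    $script:MfaVerifiedAt = $null              # reset before every attempt
    if (-not (Test-OtpCode -Code $Code)) { throw 'Access denied!' }
    $script:MfaVerifiedAt = [datetime]::UtcNow # record when the OTP was accepted
}

function New-SecretItem {
    param([Parameter(Mandatory = $true)][string]$Name)
    Assert-Mfa                                 # gate runs before any work
    "Created secret item '$Name'"              # stand-in for the real action
}
```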