Jump to content

All Activity

This stream auto-updates

  1. Yesterday
  2. In products I have setup with SAML, after first login all remain authenticated through browser session and most persist for some period of time even when the browser has been closed and reopened or the computer rebooted. Some require login after an hour and some don't require a new login for weeks. So, it varies on the auto-logout. If we can't configure it, I would probably prefer shorter for passwordstate.
  3. Hi all, We have recently switched to SAML authentication. To ensure that our password lists are also protected from Azure AD joined devices where the user is automatically logged in, we use Google Authenticator in addition to SAML authentication. In our case, the user only needs to enter the token from Google Authenticator when logging in. I'm not sure what happens if you force reauthentication on Azure AD connected devices. But if the user had to enter their Azure credentials every time, that would be awkward from my point of view. Regards, Reto
  4. Last week
  5. Hello, At this stage we do not have support for more fields like this. Regards Click Studios
  6. Hello. All load balancers should be able to be configured for X-Forwarded Support. We would recommend logging a support call with your Load Balancing vendor, and ask how this can be done. There currently is no way to disable this feature, for security reasons - typically customers install this module in their DMZ, so you do need to protect against these failed login attempts. If you go to the screen Administration -> Password Reset Portal Administration -> System Settings -> Miscellanous tab, you can increase this lockout value though. Regards Click Studios
  7. I had chance to talk to our network admin and he is suggesting that he can't do it because we have the site running under SSL, therefore its encrypted so there is no visibility to the web traffic. Neither of us have seen this before, is there a workaround or guides that can assist with this?
  8. @Max @tboggs13 - just to clarify, with the other products you've mentioned - are they auto logging you in when you have an active session with Azure AD? If they are, when you logout via the application (not Azure AD) and then return to the home page, are you automatically logged in again or prompted to re-authenticate via Azure AD? Regards, Click Studios
  9. Hi Guys, Thanks for your request, but we will not be changing the behaviour for this. We have engaged with an external Cyber Security company for the development of the App Server, and they also recommended the current method we implemented. As certificates are quite cheap, we instead recommend purchasing a certificate, instead of using Let's Encrypt. Regards Click Studios
  10. That is the expected behavior from other products I have integrated with AAD. Not sure about the technical aspects, but as and end user that's how it should work.
  11. Hi, What we'd like is not to be logged out of AAD but only from the Password state. When we looked at other apps, the logout page they point to is one hosted by their application, not going directly from Microsoft. Hope this helps. Cheers, Max
  12. Hi, Thank you very much, I already suspected that. Then I will use the workaround. Greetings Jan
  13. Hi All, We're currently working on this for the next release, and have successfully corrected the 302 error using the new AAD logout URL. However, during our testing we're still observing that all Azure Apps are subsequently signed out after posting the LogoutRequest.“ If you input the generic URL it will log you out of all AzureAD applications” implies that you would like to only sign out of Passwordstate and not all the other apps utilising the Azure AD session. Did we interpret this correctly? If so, we believe this is not possible unless we force re-authentication even when an Azure AD session is currently active which would ultimately defeat the purpose of single sign on. Regards,Click Studios
  14. Earlier
  15. Hi Jan, Unfortunately it's not possible to run the report for one group only. Once the full report is exported, we'd recommend just doing some filtering in Excel. Regards Click Studios
  16. Hi, Managed to solve it. If the archiving service crashes while copyting data from audit to auditarchive tables it creates conflicts and the process crashes. After removing the primarykey from auditarchive the archiving works as expected but I am getting duplicates. The running: WITH cte AS (SELECT[AuditID], [UserID], 2 row_number() OVER(PARTITION BY AuditID, UserID ORDER BY AuditID) AS [rn] 3 FROM [passwordstate].[dbo].[AuditingArchive] 4 )DELETE cte WHERE [rn] > 1 Cleans the table and I could re-enable the primary key in the archiving table.
  17. Hi, I need some help How can I run this report automatically for one group only. What security groups exist, and who are their members? Is it possible at all? thx Jan
  18. Hello tester22, We might need to look at the health of your system, and cannot request that on public forums. If you have an active maintenance contract for our software, could you please log your support request via the following page - https://www.clickstudios.com.au/support.aspx Thanks Click Studios
  19. Hi, We have an problem that our audit log isn't getting archived: Our setting is defined so it should archive after 2 million rows. I havn't seen anything in the logs regarding this. Any pointers of where to look?
  20. Hello Nicholas, Unfortunately you cannot use our RADIUS authentication option for this, as it only supports the PAP protocol, and not CHAP. For Azure Authentication, you can use SAML Authentication, and all authentication is handed off to Azure, and supports whatever authentication is configured there. Instructions for configuring SAML can be found in the Security Administrators Menu, under the Help menu in Passwordstate. Regards Click Studios
  21. Hi. Would like some assistance with configuring PasswordState to use the "Manual AD and RADIUS Authentication" and then using NPS with the Azure MFA NPS extension for the RADIUS component for Push Notification authentication. Thanks
  22. Hello Javilia, Please see our response on your other forum post where you asked the same question - https://forums.clickstudios.com.au/topic/14088-upgrading-to-passwordstate-9-from-version-6-7-or-8 Regards Click Studios
  23. It seems i can't get it to work on 1433 either anymore. I try to run as clean as i can, so that i don't come across problems that may be caused by something unknown. So i always try to revert any changes i just made if it doesn't work. initially after i opened this post i removed PWS and removed the SQLEXPRESS instance according to MS docs: Uninstall existing instance - SQL Server | Microsoft Docs because I was hoping i didn't need to reinstall MSSQL entirely. After confirming that the SQL server was running on its defaults settings, i tried to launch the PWS configuration site but i ended up getting the same 2 error screens as above. No database was created (nor the PWS user). I can't think of anything that i changed/tested that could result in this problem. I just tried to run the config again, the database connection test came out positive and the configuration was running longer than usual. Now i get the 2nd database error (Sorry no screenshot). but this time the database is somehow/somewhat created including the PWS user. The error said i needed to remove the database 'passwordstate' the user 'passwordstate_user' and try again. Either way, PWS wasn't working. The only thing i can image is something with the firewall. I did add a rule to it, but i later removed that because PWS still wasn't working. On this server only the Private and Public Firewall are running (Windows 2019, 1809, build 17763,2145). Domain firewall is disabled currently. I'll reinstall the entire IIS/SQL/PWS to see if i can get working on the default port again. edit: I've managed to make PWS work on the default port again. Seems i wrecked some registry causing MSDTC not working anymore. After reinstalling en enabling MSDTC i was able to reinstall PWS entirely and on the default DB port 1433. Let me know if you find any solution to changing the DB port.
  24. Okay thanks. We'll need to do some testing to see if we can replicate this issue. If you change the port number back to 1433 for now, then you won't need to specify this during the intitial setup. Once you have everything running, you can change the port number again, and then edit the database connection string in the web.config file. The format would be HOSTNAME,PORTNUMBER\SQLEXPRESS Regards Click Studios
  1. Load more activity
×
×
  • Create New...