Jump to content

Couple of more pre-sales questions...


Steve D.
 Share

Recommended Posts

Thanks for sending the pw reset portal trial key. The I got it implemented and gave a demo of 2 auth methods for infosec; the google auth & temporary pin e-mail methods, and the question I got back was ... is there a saml2 verification policy?

 

PWS will be tied to RHDS (LDAP) and SAML2 auth, or so the plan stands at present. All employees have a token generator of one kind or another tied to a pin/token combo registered with the saml2 implementation. saml2 will be universally available to all staff. The e-mailed temp pin is acceptable for general staff but anyone with administrative level access infosec wants tied to  two factor, preferably via saml; Help desk, ops & engineering...

 

 

p.s.

 

The work I''ve done on this with your invaluable help has been well received and I appreciate it.
 

Thanks again gents.

 

Steve D.

Link to comment
Share on other sites

While I'm asking questions... We had a stage env DC die a bad death. I replaced it, same name, ip, etc... PWS resumed authenticating users when it went operational but it is complaining about not being able to query event logs...

 

"

An error has occurred executing the call 'PR_EventLogMonitor_Elapsed'. It appears the Domain Controller for domain 'stage.win.........

"

 

I have poked and poked but I can't find where this is coming from. Any pointers?

Link to comment
Share on other sites

Hey Steve,

 

This error relates to the functionality where we monitor Domain Controller event logs for account lockouts - for the Password Reset Portal module.

 

Below is a screenshot of where you can find this, but if you replaced the DC with all the same details, I would not have thought you should see this.

 

Maybe check out the settings here, and then restart the Passwordstate Windows Service to see if this exception comes back.

 

eventlog.png

Link to comment
Share on other sites

1 hour ago, Steve D. said:

is there a saml2 verification policy

Hi Steve,

 

At this stage we do not have a SAML auth verification policy - our flawed thinking behind this was a lot of customers use SAML with ADFS, so you could not use SAML in this instance for obviously reasons.

 

Regards

Click Studios

Link to comment
Share on other sites

On 3/22/2019 at 6:51 PM, support said:

Hi Steve,

 

At this stage we do not have a SAML auth verification policy - our flawed thinking behind this was a lot of customers use SAML with ADFS, so you could not use SAML in this instance for obviously reasons.

 

Regards

Click Studios

 

Yep, I can see this. Obviously not a Red Hat issue... lol. If I tried to foster & promote ADFS around here I'd soon be nailed up on  a stake surrounded by kindling.

 

 

So... I'm going to need an enterprise license, 6 remote sites (to start with), the pw reset portal and HA. ... as an opener. Have you got a var/support channel in the US I should be speaking to?

 

Rgds,

 

Steve D.

Link to comment
Share on other sites

Hey Steve, 

 

We get a lot of orders through SHI in the US - do you normally work with them? We're happy to work with any supplier you needed, and also make sure you let them know how many licenses you need for the Reset Portal as well.

Thanks :)

Regards

Click Studios

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...