Steve D. Posted March 22, 2019

Thanks for sending the pw reset portal trial key. I got it implemented and gave a demo of 2 auth methods for infosec; the google auth & temporary pin e-mail methods, and the question I got back was ... is there a saml2 verification policy?

PWS will be tied to RHDS (LDAP) and SAML2 auth, or so the plan stands at present. All employees have a token generator of one kind or another tied to a pin/token combo registered with the saml2 implementation. saml2 will be universally available to all staff.

The e-mailed temp pin is acceptable for general staff but anyone with administrative level access infosec wants tied to two factor, preferably via saml; Help desk, ops & engineering...

p.s. The work I've done on this with your invaluable help has been well received and I appreciate it. Thanks again gents.

Steve D.

Steve D. (Author) Posted March 22, 2019

While I'm asking questions... We had a stage env DC die a bad death. I replaced it, same name, ip, etc... PWS resumed authenticating users when it went operational but it is complaining about not being able to query event logs...

" An error has occurred executing the call 'PR_EventLogMonitor_Elapsed'. It appears the Domain Controller for domain 'stage.win......... "

I have poked and poked but I can't find where this is coming from. Any pointers?

support Posted March 22, 2019

Hey Steve,

This error relates to the functionality where we monitor Domain Controller event logs for account lockouts - for the Password Reset Portal module. Below is a screenshot of where you can find this, but if you replaced the DC with all the same details, I would not have thought you should see this.

Maybe check out the settings here, and then restart the Passwordstate Windows Service to see if this exception comes back.

support Posted March 22, 2019

1 hour ago, Steve D. said:
> is there a saml2 verification policy

Hi Steve,

At this stage we do not have a SAML auth verification policy - our flawed thinking behind this was a lot of customers use SAML with ADFS, so you could not use SAML in this instance for obvious reasons.

Regards
Click Studios

Steve D. (Author) Posted March 24, 2019

On 3/22/2019 at 6:51 PM, support said:
> Hi Steve, At this stage we do not have a SAML auth verification policy - our flawed thinking behind this was a lot of customers use SAML with ADFS, so you could not use SAML in this instance for obvious reasons. Regards Click Studios

Yep, I can see this. Obviously not a Red Hat issue... lol. If I tried to foster & promote ADFS around here I'd soon be nailed up on a stake surrounded by kindling.

So... I'm going to need an enterprise license, 6 remote sites (to start with), the pw reset portal and HA. ... as an opener. Have you got a var/support channel in the US I should be speaking to?

Rgds,
Steve D.

support Posted March 24, 2019

Hey Steve,

We get a lot of orders through SHI in the US - do you normally work with them? We're happy to work with any supplier you need, and also make sure you let them know how many licenses you need for the Reset Portal as well.

Thanks

Regards
Click Studios