RADIUS Challenge/Response for Password Portal


gcsdroo

The current implementation of RADIUS only allows the use of tokens/passwords that do not require a challenge/response.  Currently, if a RADIUS Challenge message is sent to the portal, a Password Incorrect message is instead shown.

 

Example Scenario [RADIUS server set up to use SMS tokencodes]:

  1. User enters their PIN and clicks Next
  2. PIN is sent to RADIUS server
  3. RADIUS server responds with Access-Challenge message
  4. Password portal prompts user for next token code (or whatever message is sent back with the Access-Challenge)
  5. User enters tokencode they received and clicks Next
  6. RADIUS server responds with Access-Granted and authentication succeeds

 

This is also useful in scenarios when using hardware/software tokens via RADIUS and a PIN rotation is enabled.  The portal would need to be able to chain Access-Challenge responses as there may be more than one.

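The flow described in the post above, as an added example that is not part of the original post or the product's code: a portal-side loop that follows chained Access-Challenge replies, shows the server's Reply-Message, and echoes the State attribute back as RFC 2865 requires. `FakeRadius`, its PIN and tokencode values, `MAX_ROUNDS` and the `send`/`prompt` callables are assumptions constructed for illustration; a real portal would put its RADIUS client behind `send`.

```python
from dataclasses import dataclass
from typing import Optional

ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11  # RFC 2865 packet codes
MAX_ROUNDS = 5  # assumed cap so a misbehaving server cannot loop the portal forever

@dataclass
class Reply:
    code: int
    reply_message: str = ""        # Reply-Message attribute (type 18)
    state: Optional[bytes] = None  # State attribute (type 24)

def authenticate(send, username, first_secret, prompt):
    """send(username, password, state) -> Reply; prompt(text) -> str asks the user."""
    reply = send(username, first_secret, None)
    rounds = 0
    while reply.code == ACCESS_CHALLENGE and rounds < MAX_ROUNDS:
        # Show the server's text rather than treating the challenge as a failure.
        answer = prompt(reply.reply_message or "Enter next token code")
        # State from the challenge is echoed unmodified in the next Access-Request.
        reply = send(username, answer, reply.state)
        rounds += 1
    return reply.code == ACCESS_ACCEPT  # still-challenging or rejected means failure

class FakeRadius:
    """Constructed simulator: PIN, then SMS tokencode, then a new PIN (rotation)."""
    def __init__(self):
        self.pending = {}  # State value -> step the server is waiting for
    def send(self, username, password, state):
        if state is None:
            if password != "1234":
                return Reply(ACCESS_REJECT)
            self.pending[b"s1"] = "token"
            return Reply(ACCESS_CHALLENGE, "Enter the tokencode sent by SMS", b"s1")
        step = self.pending.pop(state, None)  # each State value is single-use
        if step == "token" and password == "246810":
            self.pending[b"s2"] = "newpin"
            return Reply(ACCESS_CHALLENGE, "Enter a new PIN", b"s2")
        if step == "newpin" and password.isdigit() and len(password) == 4:
            return Reply(ACCESS_ACCEPT)
        return Reply(ACCESS_REJECT)

def demo(pin, answers):
    """Run one login with scripted user input; return (result, prompts shown)."""
    shown, script = [], iter(answers)
    def prompt(text):
        shown.append(text)
        return next(script, "")
    return authenticate(FakeRadius().send, "alice", pin, prompt), shown
```

`demo("1234", ["246810", "4321"])` walks the PIN, tokencode and PIN-rotation chain; a wrong answer at any step ends in Access-Reject with no further prompts.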