Mobile Site - Changes with 2FA


Mike

Looking for a secure method of "remote" access that's convenient to users without exposing the PS server to the Internet. Method 1 is to use VPN for laptops. The second method is to use DUO for the mobile site. The PIN method isn't secure enough for our needs.

In testing, I think this will work, but two requests.  When enabling this configuration, I noticed the following.

  • Can we obscure the password as it's being typed into the password field?  Or maybe have a "show/hide" button (default hide).
  • There's a passcode login button present, even though it won't work (we require the 2FA).

My HTML is a little rusty, but is there a file I can modify manually to make these changes for my install? (Edit: Doesn't look like it)

Thanks again!

Hi Mike,

I've just tested two authentication options with the mobile web site, and the password field is obscured - can you let us know what authentication option you are using?

For the passcode login button, could you let us know what authentication option you are using, and what error you see on the screen?

Thanks

Click Studios

I'm using "DUO Authentication" as my authentication method for the mobile site. I've tried multiple browsers and the passwords are plainly visible for me.

I did some more testing, and it seems like the page is dependent on the option selected.  I just saw that "AD + DUO" is also an option.  After changing to this method, the Password field is obscured, but my AD password isn't working together. 

Error message: "Incorrect Login Details. Please try again". 

The audit log shows an error: "Failed 'AD Authentication' login attempt as an exception has occurred. Error = The remote name could not be resolved: 'passwordstate.domain.local'" (changed the url)

I'll keep troubleshooting this.

Update: I see that the "passcode" field is actually intended for DUO's number PIN and not an AD "Password" or other associated field. It somewhat makes sense to me now.

I got the AD+DUO method to work after putting in a DNS entry so our DMZ server pointed to the internal server via the "internal" URL designated address.
