3 Replies Latest reply on Oct 2, 2012 1:52 PM by markbenson

    view 5.1 radius no 'next response' popup

    wally Hot Shot

      We've been trying to get 2-factor radius authentication working. We want to send users a One Time Password (OTP) by SMS. Judging by the connection server debug log the server knows we use a challenge/response but we don't get a popup where we can type the response code.

       

      My question is 'what does the connection server expect as a response from the radius server to actually ask for the response code'? So far the view administration guide and google left us clueless.

       

      Snippet from connection server log:

       

      The "[OTP Challenge: DEMO ONLY!. Your password is xoqocuk46]" is a print that comes from  the perl script we're using just to see if we can get data back to the  connection server; that password would be send to the user's phone by SMS.

       

       

      2012-10-02T12:34:28.420+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [XmlRequestProcessor] (SESSION:e611-***-4960) added: submit-authentication
      2012-10-02T12:34:28.420+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [XmlAuthFilter] (SESSION:e611-***-4960) Pre-Auth Processing: submit-authentication
      2012-10-02T12:34:28.420+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [ProcessorSubmitAuthentication] (SESSION:e611-***-4960) Setting auth request screen name: authType-securid-passcode=true
      2012-10-02T12:34:28.421+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) Setting label('HANradiusToken') and sub type ('') in request
      2012-10-02T12:34:28.421+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [ProperoAuthFilter] (SESSION:e611-***-4960) Attempting to authenticate against RADIUS
      2012-10-02T12:34:28.421+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthSessionState] (SESSION:e611-***-4960) RADIUS bound, username: N/A
      2012-10-02T12:34:28.422+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) RADIUS authentication: user credentials supplied for user loonv
      2012-10-02T12:34:28.422+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) RADIUS authentication attempt #0
      2012-10-02T12:34:28.422+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) create RadiusClient
      2012-10-02T12:34:28.423+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusServerConfig] (SESSION:e611-***-4960) username 'loonv' mapped to 'loonv'
      2012-10-02T12:34:28.423+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) authenticate: loonv
      2012-10-02T12:34:28.424+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) create RADIUS client: 10.0.0.101:1812, 3000
      2012-10-02T12:34:28.426+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) attempt #0 (using MSCHAP2)
      2012-10-02T12:34:28.437+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) Login for loonv challenged
      2012-10-02T12:34:28.437+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) State attribute list: 
      2012-10-02T12:34:28.438+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusClientImpl] (SESSION:e611-***-4960) Message attribute list: Reply-Message (18), Length: 55, Data: [OTP Challenge: DEMO ONLY!. Your password is xoqocuk46], 0x4F5450204368616C6C656E67653A2044454D4F204F4E4C59212E20596F75722070617373776F726420697320786F716F63756B3436
      2012-10-02T12:34:28.438+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) 1 connection attempt(s) to 10.0.0.101
      2012-10-02T12:34:28.438+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) authentication challenge
      2012-10-02T12:34:28.438+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) RADIUS authentication took 16 ms
      2012-10-02T12:34:28.439+02:00 DEBUG (0ADC-0BD0) <TP-Processor5> [RadiusAuthFilter] (SESSION:e611-***-4960) Delaying failure response by additional 14984 ms