VMware Horizon Community
FredPeterson
Expert

Using 3rd party two-factor with VDM - not RSA tokens

Hello,

Our business utilizes CRYPTOCard tokens for two-factor authentication and we would like to utilize these for our partner company (who uses our CRYPTOCard system) authentication for their VDI/VDM they are starting up.

There is a plugin available for IIS... but VDM is its own self-contained Tomcat Apache, I've learned.

Basically we want people to authenticate with their CRYPTOCard first, then be forwarded to the VDM page for their Active Directory credentials. Now, we could easily just change listening ports for IIS or VDM, but that doesn't prevent people from just bookmarking the VDM page. I'd want the VDM page to check if the two-factor has occurred and if not, redirect them to the two-factor authentication page.

Short of 'hacking' the Java JAR files for the VDM instance and finding the index page and putting cookie 'retrieval' code in and having cookie creation code on our two-factor page...I'm not sure of any other way of utilizing our two-factor. But of course doing that probably violates some EULA and/or would prevent the partner company from getting any support.

Any ideas folks?

6 Replies
korpy
Enthusiast

Hi Fred,

Any ideas folks?

I'm dealing with this same issue and I'm going to (try to) solve this problem with Novell's Access Manager. I haven't worked this out yet, but will do when I'm back from holiday. Basically it should work like this: the NAM sits between the users and the vdm box. The vdm url will be trapped by NAM, enforcing authentication with a token. If this succeeds, NAM will pass this authentication to vdm, so users don't have to log on separately.

regards -frank-

MKJE
Enthusiast

Hi,

we are using a 3rd party solution from Giritech. After validation the program launches the URL to the VDM. Works without any problems.

Regards

Mikael

FredPeterson
Expert

How are you preventing people from just bookmarking the real VDM URL though, or do the Giritech and NAM products provide a gateway type interface such that all traffic has to flow through the gateway to get to the VDM URL?

MKJE
Enthusiast

Users validated on our LAN are allowed to connect directly to the VDM. From outside the only way to connect is to use the Giritech server as gateway.

Regards

Mikael

korpy
Enthusiast

Hi Fred,

How are you preventing people from just bookmarking the real VDM URL though, or do the Giritech and NAM products provide a gateway type interface such that all traffic has to flow through the gateway to get to the VDM URL?

Indeed, all traffic for vdm will be handled by the Novell Access Manager. From the outside world there is no other way to reach the vdm. I have done this for other applications, not for vdm yet, but will keep you posted.

regards -frank-

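The gateway approach described in the replies above only closes the bookmarking hole if the gateway is the sole network path to VDM and the "two-factor completed" marker cannot be forged by the client. As an added example (not from the thread or from any product named in it; the cookie format, key and URL are assumptions), this is a check a gateway could run on every request before forwarding it:

```python
import base64
import hashlib
import hmac

# Hypothetical values for illustration; none of these come from the thread.
GATEWAY_KEY = b"constructed-demo-key"            # shared by 2FA page and gateway
TWO_FACTOR_URL = "https://gateway.example/2fa"   # placeholder URL
MAX_AGE = 8 * 3600                               # seconds a completed 2FA stays valid


def _sign(payload: bytes) -> str:
    mac = hmac.new(GATEWAY_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode()


def issue_cookie(user: str, now: int) -> str:
    """Called by the two-factor page after the token check succeeds."""
    payload = f"{user}|{now}".encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)


def verify_cookie(cookie, now: int):
    """Return the user name if the cookie is authentic and fresh, else None."""
    try:
        body, sig = cookie.split(".", 1)
        payload = base64.urlsafe_b64decode(body.encode())
        user, issued = payload.decode().rsplit("|", 1)
        issued = int(issued)
    except (AttributeError, ValueError):
        return None  # missing, truncated or undecodable cookie
    # Constant-time comparison; a client-supplied signature is never trusted.
    if not hmac.compare_digest(sig.encode(), _sign(payload).encode()):
        return None
    if not 0 <= now - issued <= MAX_AGE:
        return None  # expired, or issue time lies in the future
    return user


def gate(cookie, now: int):
    """Gateway decision for every request addressed to the VDM URL."""
    user = verify_cookie(cookie, now)
    if user is None:
        return ("redirect", TWO_FACTOR_URL)
    return ("forward", user)
```

A plain, unsigned cookie set by the two-factor page would not be enough, because a client can set any cookie value itself; the keyed signature is what lets the gateway trust it.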
vasanthgvk
Contributor

ArrayShield IDAS Two factor authentication is the best alternative to Hardware Token based 2FA system.

We have now added support to VMware applications.

ArrayShield IDAS 2FA solution is a patented, multi-award winning product that stands out from the other Two factor authentication products for its innovative solution on using a simple plastic card and pattern combination to derive One Time Secret Code. This gets rid of various dependencies like Hardware token, Smart Card or Mobile networks. Kindly go through our product demo video to understand the product better.

http://www.arrayshield.com/products/howitworks
