We are running an SA2000 with v6.3R5. We are in the process of evaluating version 7.1 of RSA which supports on-demand tokens, via sms or email. We are testing this out through the Juniper but I am having great difficulty in making this work.
I have configured a Radius Auth Server and entered the relevant config items and updated the realms accorrdingly. When I login it doesn't even try to trigger the on-demand password request from the RSA box, just comes back telling me secondary password is incorrect (primary passwords comes from AD). I'm not sure if this is a Juniper problem or the way I have configured the RSA server (which has radius running)
I followed the steps starting from page 30 of this document http://www.nordicedge.se/juniper/Step-by-step_Installation_Guide_Juniper_&_Nordic_Edge_One_Time_Password.pdf
Can anyone provide me with the steps required to configure this on Juniper?
Just to add to this now, I have made a bit more progress. I now have RSA Self Service running and I can have the user request a token code through the self service page. Then this token code combined with a PIN number allows them to authenticate through Juniper.
My question is how can I bring this token code request out to the Juniper so the user doesn't have to log on to RSA self service to request the token?Thanks
i don't think you can do this with RSA. The self service page is your only option but i am no expert on RSA 7.1 though
Now we are moving to a Strong authentication vendor called VASCO they offer more capabilities than RSA for 1/4th the price. Any way the way they handle this is by typing in a pass phrase with your username in Juniper so
you go to the login page that you normally go to for juniper. You type in your username and if you dont have your token you type in "sendmepassword" in the password field. Juniper just passes this information to the back end vasco server and server sees the username and the phrase and looks up your cell phone number in it's DB and send you an SMS with the OTP. This works beautifully.