
Configuring One Time Passwords

meh_
Frequent Contributor


Hi

We are running an SA2000 with v6.3R5. We are in the process of evaluating version 7.1 of RSA which supports on-demand tokens, via sms or email. We are testing this out through the Juniper but I am having great difficulty in making this work.

I have configured a Radius Auth Server and entered the relevant config items and updated the realms accordingly. When I log in it doesn't even try to trigger the on-demand password request from the RSA box, it just comes back telling me the secondary password is incorrect (the primary password comes from AD). I'm not sure if this is a Juniper problem or the way I have configured the RSA server (which has Radius running).

I followed the steps starting from page 30 of this document http://www.nordicedge.se/juniper/Step-by-step_Installation_Guide_Juniper_&_Nordic_Edge_One_Time_Password.pdf

Can anyone provide me with the steps required to configure this on Juniper?

Thanks

Message Edited by meh on 07-12-2009 10:34 PM
2 REPLIES
meh_
Frequent Contributor

Re: Configuring One Time Passwords

Just to add to this now, I have made a bit more progress. I now have RSA Self Service running and I can have the user request a token code through the self service page. Then this token code combined with a PIN number allows them to authenticate through Juniper.

My question is how can I bring this token code request out to the Juniper so the user doesn't have to log on to RSA self service to request the token?

Thanks
Mrkool_
Super Contributor

Re: Configuring One Time Passwords

I don't think you can do this with RSA. The self service page is your only option, but I am no expert on RSA 7.1 though.

Now we are moving to a strong authentication vendor called VASCO; they offer more capabilities than RSA for 1/4th the price. Anyway, the way they handle this is by typing in a pass phrase with your username in Juniper, so you go to the login page that you normally go to for Juniper. You type in your username, and if you don't have your token you type in "sendmepassword" in the password field. Juniper just passes this information to the back-end VASCO server, and the server sees the username and the phrase, looks up your cell phone number in its DB and sends you an SMS with the OTP. This works beautifully.
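
A minimal sketch of the back-end decision logic for the trigger-phrase flow described in the last reply, added here as an illustration; it is not VASCO's or Juniper's code. The `handle_access_request` name, the `otp-sent` result, the throttle, expiry and retry limits are assumptions, and the user directory and SMS sink are constructed stand-ins.

```python
import hmac
import secrets
import time

TRIGGER = "sendmepassword"  # phrase quoted in the post above
OTP_TTL = 300               # assumption: an OTP is valid for 5 minutes
MIN_RESEND = 30             # assumption: at most one SMS per user per 30 s
MAX_TRIES = 3               # assumption: wrong guesses before the OTP is voided

PHONES = {"alice": "+10000000000"}  # constructed sample user directory
_pending = {}    # username -> [otp, expires_at, tries_left]
_last_sent = {}  # username -> time of last SMS (kept after the OTP is used)
sent_sms = []    # stand-in for the SMS gateway: (number, otp)


def handle_access_request(username, password, now=None):
    """Decide one login attempt: returns 'accept', 'reject' or 'otp-sent'."""
    now = time.time() if now is None else now
    phone = PHONES.get(username)
    if phone is None:
        return "reject"
    if password == TRIGGER:
        # Throttle: the trigger needs only a username, so without this
        # anyone could flood a user's phone or run up SMS costs.
        if now - _last_sent.get(username, float("-inf")) < MIN_RESEND:
            return "reject"
        otp = f"{secrets.randbelow(10**6):06d}"  # CSPRNG-backed 6 digits
        _pending[username] = [otp, now + OTP_TTL, MAX_TRIES]
        _last_sent[username] = now
        sent_sms.append((phone, otp))
        return "otp-sent"
    entry = _pending.get(username)
    if entry is None or now > entry[1]:
        _pending.pop(username, None)  # nothing issued, or the OTP expired
        return "reject"
    if hmac.compare_digest(password.encode(), entry[0].encode()):
        del _pending[username]  # single use: a replayed OTP is rejected
        return "accept"
    entry[2] -= 1
    if entry[2] <= 0:
        del _pending[username]  # void the OTP after repeated wrong guesses
    return "reject"
```

Because the trigger phrase is not a secret, the SMS channel and the per-user limits carry the security of this flow; the primary password check (AD in the original poster's setup) still runs separately on the gateway.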