Custom Login Page for a MAG2600 with two factor authentication

SOLVED
Occasional Contributor

I am currently trying to configure a custom VPN login page for a MAG 2600 device. The MAG device is using a Symantec VIP service to authenticate against, which is working fine; however, users are required to authenticate with a combination of AD username and AD password + VIP token (2x input fields). What I would like to create is a custom login page for the VPN that allows for the entering of separate fields (3x input fields) that would concatenate the AD password + the token to allow for access, as well as allow for advanced features such as SSO.

Current Environment:

2 Input boxes (1x Username, 1x Password)

The user currently authenticates against the VIP based on an AD Username and an AD Password + their VIP Token number. (working)

Desired Environment:

3 Input boxes: (1x username, 1x AD Password, 1x VIP Token number)

AD password and token are concatenated

Users can take advantage of features such as SSO

1 ACCEPTED SOLUTION

Super Contributor

Re: Custom Login Page for a MAG2600 with two factor authentication

I think dcvers is on the right track, but it could be simpler.

Again, this depends on doing multiple authentications - one to AD and one to VIP. I think you can leave all the fields in place having the user enter the token in the secondary password field. Then, in the function dcvers described, just do something like -

password2 = password + password2;

to set the secondary password to the concatenation of the AD password and the token.

Unfortunately, there is no way to pass anything from the login page to the internal logic of the SA except for the primary and secondary user IDs, the primary and secondary passwords, and the realm. I'd love for Juniper to extend their custom variables construct to allow you to pass other information from the login page into the internal logic.

Ken

5 REPLIES
Super Contributor

Re: Custom Login Page for a MAG2600 with two factor authentication

Can you do 2 authentications - one to AD and another to the VIP? If so, you could do the following -

  1. Set up primary authentication to AD and secondary authentication to the VIP service.
  2. Create a custom sign-in page which prompts for three fields (ID, AD password, token). The AD password should be put into the "password" field, and the concatenation of the AD password and the token could be put into the "password2" field.
  3. When you want to do SSO, you use the "password" field.

A caveat - I've never done this.

Ken

Occasional Contributor

Re: Custom Login Page for a MAG2600 with two factor authentication

Thank you Kenlars,

On the track to what I am looking for; however, I would like to enter each field separately, i.e.

Username: johnsmith

Password: *********

Security Code: 02137408

Then somehow concatenate the password + security code and pass that to VIP, whilst only passing the password and username to allow for SSO. I think this may be more difficult than practical.

Regular Contributor

Re: Custom Login Page for a MAG2600 with two factor authentication

Not sure if it would work but you may be able to do this as follows:

1. Add a new input box for your Security Code

2. Hide the actual Secondary password input

3. Change the form on submit value to call a script e.g. onsubmit="return MyLogin(<% setcookies %>)"

4. Create a script like:

function MyLogin(setCookies) {
 /* Some code that sets the secondary password input as needed */
 Login(setCookies);
 return true;
}
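
A sketch of how the handler proposed in this thread could be filled in, as an added example that is not code from any of the posters or from Juniper. The `password` and `password2` field names and the `Login(setCookies)` call come from the thread; the form name `frmLogin` and the `securityCode` input id are assumptions, as is the digits-only check on the token.

```javascript
// Added example. "frmLogin" and "securityCode" are assumed names, not taken from the thread.
// "password" / "password2" are the primary and secondary password fields named in the thread.

// Pure step: copy AD password + token into the secondary password field.
// `fields` is any object whose entries expose .value (form inputs in the browser).
function prepareLoginFields(fields) {
  const password = fields.password.value;
  const token = fields.securityCode.value.trim();

  // Refuse a half-filled form; otherwise the secondary server would see only the AD password.
  if (password === "" || !/^\d+$/.test(token)) {
    return false;
  }

  // Secondary auth (VIP) receives password+token; primary auth (AD) and SSO keep the bare password.
  fields.password2.value = password + token;
  // Clear the visible box so the one-time code is not left on screen after submission.
  fields.securityCode.value = "";
  return true;
}

// Handler for onsubmit="return MyLogin(<% setcookies %>)" as proposed in the thread.
function MyLogin(setCookies) {
  const form = document.forms["frmLogin"]; // assumed form name
  const fields = {
    password: form.elements["password"],
    password2: form.elements["password2"], // the hidden secondary password input
    // Assumed id; giving this input no name attribute keeps it out of the POST body.
    securityCode: document.getElementById("securityCode"),
  };
  if (!prepareLoginFields(fields)) {
    return false; // cancel the submission
  }
  Login(setCookies); // the sign-in page's existing function, per the thread
  return true;
}
```

Because only the user IDs, passwords and realm reach the appliance, the concatenation has to happen in the browser before the form is posted; the extra input exists purely for the user.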

Occasional Contributor

Re: Custom Login Page for a MAG2600 with two factor authentication

Thank you dcvers and Ken,

I will work away at this and refresh my memory on JavaScript to see if this is at all possible. I will get back if I have any success.