We are running on a SA appliance the Juniper 7.1 release. Client-side we are currently testing Junos Pulse (188.8.131.5295) as a possible replacement for Network Connect.
Now the users can generate a token with a PIN code from within the RSA softtoken (184.108.40.2066) and then copy/paste (or type it back) to the Juniper "passphrase".
According to the documentation, there is a transparent integration with RSA SecureId Software Token. So if my understanding is correct the user would only type its PIN code from within Juniper Pulse. Unfortunately we were unable to make it work.
Is there a specific settings that we need to enable in the registry or in a config file for Junos Pulse to interact with RSA SoftToken?
Thanks in advance.
If you are using 4.1.1, you need to make sure to download the Desktop Application with Software Token
Automation" or it will not work. From my own testing, the rsa application never detected my token correctly so I had to go down to 4.1.0 to finally get it to work.
This is stated in the Pulse 3.0 release notes (http://www.juniper.net/techpubs/software/pulse/releasenotes/j-pulse-3.0r1-releasenotes.pdf)
We did actually cross-checked (RSA 4.1.0 & 4.1.1 w/automation) with both Junos Pulse 2.1 and 3.0R1 but it doesn't proceed to automation (i.e. users enter his PIN within Junos Pulse).
What we have noticed is that EAP-GTC is needed to get Junos proceed to the automation.
Starting from the SA we are passing through a Cisco ACS before going to the RSA. Then the Cisco ACS talks with RSA through RSA protocol (not radius).
Should we enable Radius between Cisco ACS and RSA Ace to get the automation to work?
Thx in advance
I have not run into a situation like this, but it seems to be a good assumption. I would say if you are seeing the EAP packet either in a packet capture or the debuglog.log, its a good chance this is the cause. I would need to review the debuglog.log to get a clear picture where Pulse may be failing. Do you have a case open for this issue?