I would also like to know this. I first added the UDID of the iPad into device settings in Mobile Security Gateway but it remains inactive/unregistered and when I try to Send Commands it says that commands cannot be sent to inactive/unregistered device. so real confusion here. The documentation suggests that auto-registration is available for the iPad / iPhone but no further information around. Using version 3.0 ... View more

I tried the custom page today but it loads with errors and now appears to be out of date. Do you have an update. This was on 2/2/2011. Thanks ... View more

Sorry butI have no experience of this and can't offer any advise. ... View more

Hi Kevin I got this working and it was nothing to do with the Juniper. The customer has not set up the replication correctly for his SafeWord environment so the server we were pointing at had an incomplete configuration. I think I was looking too deeply into this as once this was done it just worked by configing a RADIUS Authentication Server and ticking the box to say that it was using one time passwords or tokens. So I dont know why Juniper say it is not supported, my guess is that they assumed I wanted to use an Auth Server similar to the ACE Server used for RSA, not sure. Anyhow thanks for your help and interest. Regards Simon JNCIA-SSL JNCIA-FWV ... View more

I believe it to be Async. The login page I have created askes for Username, Domain Password and TokenCode. Username is the same for both. When I look at the RADIUS on Safeword it displays a security error: Failed MAC check on message, then failed authentication; eap return code: 3 swec result code: 3 statusMsg: failed authentication. Juniper have now told me that Safeword is not supported but it works okay with a static password and the way safeword works is that unlike RSA with a changing passcode, here you can request passcodes that remain valid until they are used (almost like a static one time password). Also this works with Citrix Application Gateway so surely it can't be that difficult?? ... View more

Kevin thanks for your reply. I will look at this again in the morning as it is a bit late now and give you some more detai then. Simon. ... View more

As you may have seen I am having a problem with SafeWord tokens that authenticate with a static password but not with a tokencode. I tried your .* custom method but no joy. Tomorrow I have been given access to customers RADIUS server to see if I can get any more information. If you can offer any further troubleshooting hints from your experience it would be very helpful. ... View more

Thanks for your reply. I knew that LDAPS was required for full functionality but thought that without it we would still get the opportunity to change the password on the day it expired. Anyhow I am arranging for port 636 to be allowed etc. for LDAPS so hopefully that will be the cure all. This is what Juniper says : "Using AAA Server of Active Directory, an end user will be prompted to change their password only on the day that it expires. However, using LDAPS server with a certificate from a trusted CA, or a certificate created on a Microsoft server, if a user's password expires in 14 days, it will prompt the user and allow the user to change password provided you are using LDAPS with Advanced License. If you would like end users to receive warnings that their password will expire in x days, then you need to set the IVE up to authenticate users to an LDAP server pointing at the AD server." So I am still not sure why we were getting nothing. Simon ... View more