privacyidea + OpenLdap + Cisco ASA SSL - VPN
278 views
Skip to first unread message
Vimal Gupta
Apr 22, 2016, 7:48:45 AM4/22/16
to privacyidea
Hi group,
we want to implement 2 factor authentication for our SSL VPN. Can we setup this using privacyidea also we have our OTP gateway which has http apis to send sms. Can someone let me know if this is possible.
we want to implement 2 factor authentication for our SSL VPN. Can we setup this using privacyidea also we have our OTP gateway which has http apis to send sms. Can someone let me know if this is possible.
Cornelius Kölbel
Apr 22, 2016, 9:56:31 AM4/22/16
to priva...@googlegroups.com
Hello Vimal,
you SSL VPN should be able to authenticate the user via RADIUS.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98594-configure-radius-authentication.html
Then you can setup privacyIDEA and the RADIUS server on the privacyIDEA
server.
http://privacyidea.readthedocs.org/en/latest/installation/ubuntu.html
http://privacyidea.readthedocs.org/en/latest/application_plugins/radius.html?highlight=radius
You have an SMS gateway which has an HTTP API to send SMS? Great.
You can configure the SMS tokens to use this gateway.
Please note, that authenticating with SMS is a challenge response
authentication or - like Google calls it - two step verification.
http://privacyidea.readthedocs.org/en/latest/configuration/tokenconfig/sms.html
Kind regards
Cornelius
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
you SSL VPN should be able to authenticate the user via RADIUS.
http://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/98594-configure-radius-authentication.html
Then you can setup privacyIDEA and the RADIUS server on the privacyIDEA
server.
http://privacyidea.readthedocs.org/en/latest/installation/ubuntu.html
http://privacyidea.readthedocs.org/en/latest/application_plugins/radius.html?highlight=radius
You have an SMS gateway which has an HTTP API to send SMS? Great.
You can configure the SMS tokens to use this gateway.
Please note, that authenticating with SMS is a challenge response
authentication or - like Google calls it - two step verification.
http://privacyidea.readthedocs.org/en/latest/configuration/tokenconfig/sms.html
Kind regards
Cornelius
--
Cornelius Kölbel
corneliu...@netknights.it
+49 151 2960 1417
NetKnights GmbH
http://www.netknights.it
Landgraf-Karl-Str. 19, 34131 Kassel, Germany
Tel: +49 561 3166797, Fax: +49 561 3166798
Amtsgericht Kassel, HRB 16405
Geschäftsführer: Cornelius Kölbel
Reply all
Reply to author
Forward
0 new messages