Configure MFA/ADFS integration with OpenOTP


Shawn Harry

May 22, 2016, 12:58:36 PM
to RCDevs Security Solutions - Technical
Hi all. Thanks for the great work with this product, but I need some help regarding documentation. I have a vanilla installation of OpenOTP that I've installed onto my own Ubuntu server. I have installed the ADFS plugin on my ADFS server, and the ADFS/OpenOTP plugin is configured to talk to my OpenOTP instance on my Ubuntu server. Where I'm struggling is that I can't seem to find the right document in the doc repository on this web site that explains how to configure a user for MFA in OpenOTP so that ADFS can authenticate them. When I attempt to log in a user on the ADFS web form I get "

Shawn Harry

May 22, 2016, 3:05:06 PM
to RCDevs Security Solutions - Technical
Looking in the WebADM log, it says my LDAP domain doesn't exist or is disabled? I can log in to the WebADM admin page fine though, and LDAP integration is working?

Shawn Harry

May 22, 2016, 4:22:46 PM
to RCDevs Security Solutions - Technical
I'm now able to successfully test MFA using the "Test User Login" feature from the WebADM Control Panel for a user enabled for MFA in my Active Directory, but MFA from ADFS still fails with the following:

[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Username: us...@domain.com
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Domain: domain.com
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Client ID: ADFS
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Source IP: 10.0.0.1
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Options: -LDAP
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] Registered openotpLogin request
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] Domain 'domain.com' not existing or disabled
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] User invalid or not found
[2016-05-22 20:21:05] [10.0.0.9] [OpenOTP:34EA64FE] Sent failure response
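
As an added example (not code from this thread or from RCDevs), here is a small Python parser for OpenOTP log lines in the shape quoted above. It groups lines by the request ID in the `[OpenOTP:...]` field, collects the `> Key: value` attributes the ADFS plugin sent (Username, Domain, Client ID, Options), and then classifies a failed request against a dictionary of WebADM domain names that you supply. Assumptions: the sample log is constructed to match the lines above (same request ID, made-up username); the `webadm_domains` dictionary is an input you fill in by hand from the WebADM Domains page, not something read from WebADM; and the only OpenOTP messages the parser knows are the two that appear on this page ("Domain '...' not existing or disabled" and "Sent failure response").

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of the OpenOTP log lines quoted in the thread
# (same request ID, made-up username).
SAMPLE_LOG = """\
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Username: alice@domain.com
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Domain: domain.com
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Client ID: ADFS
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Source IP: 10.0.0.1
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] > Options: -LDAP
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] Registered openotpLogin request
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] Domain 'domain.com' not existing or disabled
[2016-05-22 20:21:04] [10.0.0.9] [OpenOTP:34EA64FE] User invalid or not found
[2016-05-22 20:21:05] [10.0.0.9] [OpenOTP:34EA64FE] Sent failure response
"""

# [timestamp] [server ip] [OpenOTP:<request id>] <message>
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<ip>[^\]]+)\] \[OpenOTP:(?P<rid>[0-9A-Fa-f]+)\] (?P<msg>.*)$"
)
# "> Key: value" lines describe the request as the client (here ADFS) sent it
ATTR_RE = re.compile(r"^> (?P<key>[^:]+): (?P<value>.*)$")
# The failure message from the thread; the domain name is the part we need
DOMAIN_MISSING_RE = re.compile(r"^Domain '(?P<domain>[^']*)' not existing or disabled$")


@dataclass
class Request:
    rid: str
    attrs: Dict[str, str] = field(default_factory=dict)   # from "> Key: value" lines
    messages: List[str] = field(default_factory=list)     # every other message
    missing_domain: Optional[str] = None                   # set when the domain message is seen
    outcome: Optional[str] = None                          # "failure" once "Sent failure response" is seen


def parse_openotp_log(text: str) -> Dict[str, Request]:
    """Group OpenOTP log lines by request ID and pull out attributes and outcome."""
    requests: Dict[str, Request] = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # not an OpenOTP request line (other WebADM output, blank, etc.)
        req = requests.setdefault(m.group("rid"), Request(m.group("rid")))
        msg = m.group("msg")
        a = ATTR_RE.match(msg)
        if a:
            req.attrs[a.group("key")] = a.group("value")
            continue
        req.messages.append(msg)
        d = DOMAIN_MISSING_RE.match(msg)
        if d:
            req.missing_domain = d.group("domain")
        if msg == "Sent failure response":
            req.outcome = "failure"
    return requests


def diagnose(req: Request, webadm_domains: Dict[str, bool]) -> Tuple[str, str]:
    """Classify one request against the WebADM domains you supply.

    webadm_domains maps a WebADM domain name to whether it is enabled. It is an
    input to this example (copied by hand from WebADM), not read from WebADM."""
    if req.outcome != "failure":
        return "ok", f"request {req.rid}: no failure response logged"
    if req.missing_domain is None:
        return "other-failure", "; ".join(req.messages)
    client = req.attrs.get("Client ID", "?")
    dom = req.missing_domain
    if dom not in webadm_domains:
        return ("domain-missing",
                f"{client} sent Domain '{dom}' but WebADM has no domain of that name; "
                f"create one or rename the default domain to '{dom}'")
    if not webadm_domains[dom]:
        return "domain-disabled", f"WebADM domain '{dom}' exists but is disabled"
    return ("config-mismatch",
            f"'{dom}' is listed as enabled here but OpenOTP still rejected it; "
            f"check the exact domain name configured in WebADM")


def failing_requests(text: str, webadm_domains: Dict[str, bool]) -> Dict[str, Tuple[str, str]]:
    """Parse a log and return a diagnosis for every request that ended in failure."""
    return {rid: diagnose(r, webadm_domains)
            for rid, r in parse_openotp_log(text).items() if r.outcome == "failure"}


if __name__ == "__main__":
    # WebADM as it ships: only the default domain, with the ADFS-sent name missing
    for rid, (status, detail) in failing_requests(SAMPLE_LOG, {"Default": True}).items():
        print(rid, status, detail)
```

Run it against your real `webadm.log` by reading the file into `text` and filling `webadm_domains` from the Domains page of the WebADM admin UI; the `Domain` attribute the plugin sent must match a WebADM domain name exactly, which is why creating a domain with that name (or renaming the default one) clears the error in this thread.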

Ibrahim MESLEM (RCDevs)

May 23, 2016, 6:00:03 AM
to RCDevs Security Solutions - Technical
Hi,

You can simply create a domain in WebADM called domain.com.

Shawn Harry

May 23, 2016, 6:03:49 AM
to RCDevs Security Solutions - Technical
Hi Ibrahim. I managed to resolve the issue already. I renamed the default domain and then selected it in the drop-down for MFA.