Using OpenOTP to authenticate remote desktop gateway users


Olda

Apr 3, 2014, 3:09:54 AM
to rcdevs-t...@googlegroups.com
Hello,
Did anybody try to use OpenOTP to authenticate users who connect to a terminal server (Win 2012) through Remote Desktop Gateway and Remote Desktop Web Access (also Win 2012)?
We have a Remote Desktop Session Host server, and in front of it there is a Remote Desktop Gateway server with the possibility to use RD Gateway or RD Web Access. Is it possible to secure both types of external connections with OpenOTP?
I would like to know whether it is possible before I start to test it :-)

Best regards,
Oldrich 

Administrators

Apr 25, 2014, 3:44:26 AM
to rcdevs-t...@googlegroups.com
Hi,

Yes, it is possible with the OpenOTP Credential Provider (plugin for Windows Login),
and we just released it yesterday!

It's available in the Integration Plugins:
http://www.rcdevs.com/downloads/index.php?id=Integration+Plugins

Thank you,
regards,

Matt VanCleve

Aug 8, 2014, 3:15:54 PM
to rcdevs-t...@googlegroups.com
Hi there,

I was looking into the OpenOTP Plugin for Windows and it seems to authenticate at the Windows system login session. I've tried the OpenOTP RADIUS server for this past year without any luck to secure Remote Desktop Gateway. Have there been any recent changes for RADIUS working with Remote Desktop Gateway or to secure the session at the gateway level before the system login?

Thanks,

Administrators

Sep 25, 2014, 11:00:34 AM
to rcdevs-t...@googlegroups.com
We tried to integrate RDG with OpenOTP MFA.
In fact it does not work because the RDG engine is not able to work via RADIUS challenge.

In RD, the AD password is always checked locally on the RDG and the MFA is checked via NPS and RADIUS.
But the problem is that there is no way to prompt the user for OTP (NPS does not accept RADIUS challenges).
So the documented integration here (http://technet.microsoft.com/en-us/library/dn394287.aspx) works only with MFA methods without a challenge.
In this example, the user received an SMS asking for a PIN code. The user sends back an SMS response with a PIN.
The RDG login is waiting until the MFA server has finished the transaction.

This cannot work with OATH Tokens, out-of-band SMS OTP, Yubikey, etc.
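
The limitation described in the post above, as an added example that is not part of the original thread and not RCDevs or Microsoft code: it parses a RADIUS reply and shows why an Access-Challenge (code 11) cannot finish a login when the client side never sends a second Access-Request. Packet codes and attribute types are from RFC 2865; the function names and the sample packets are constructed for illustration.

```python
import struct

# RFC 2865 packet codes and attribute types
ACCESS_ACCEPT, ACCESS_REJECT, ACCESS_CHALLENGE = 2, 3, 11
ATTR_REPLY_MESSAGE, ATTR_STATE = 18, 24

def parse_radius(packet: bytes):
    """Parse the 20-byte RADIUS header and the attribute TLVs that follow it."""
    if len(packet) < 20:
        raise ValueError("shorter than the RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad length field")
    attrs, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute")
        atype, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, packet[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def classify_for_single_round(packet: bytes) -> str:
    """Outcome for a client that cannot prompt the user and re-send (hypothetical helper)."""
    code, _, attrs = parse_radius(packet)
    if code == ACCESS_ACCEPT:
        return "accept: login completes"
    if code == ACCESS_REJECT:
        return "reject: login denied"
    if code == ACCESS_CHALLENGE:
        prompt = b"".join(v for t, v in attrs if t == ATTR_REPLY_MESSAGE)
        has_state = any(t == ATTR_STATE for t, _ in attrs)
        return f"challenge: prompt={prompt!r} state={has_state}, needs a second Access-Request"
    return "unexpected code"

def build(code: int, ident: int, attrs) -> bytes:
    """Build a constructed sample packet (zeroed authenticator, test data only)."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH", code, ident, 20 + len(body)) + b"\x00" * 16 + body

# Constructed samples: a challenge-based OTP reply and a blocking MFA reply
SAMPLE_CHALLENGE = build(ACCESS_CHALLENGE, 7, [(ATTR_REPLY_MESSAGE, b"Enter OTP"), (ATTR_STATE, b"sess-01")])
SAMPLE_ACCEPT = build(ACCESS_ACCEPT, 7, [])

if __name__ == "__main__":
    for name, pkt in (("challenge", SAMPLE_CHALLENGE), ("accept", SAMPLE_ACCEPT)):
        print(name, "->", classify_for_single_round(pkt))
```

The blocking flow in the post only ever returns Accept or Reject after the out-of-band step finishes, which is why it fits a single request/response round.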

Alex XblX

Nov 18, 2015, 12:14:49 AM
to RCDevs Security Solutions - Technical
Try WinOTP