Security

Reply
New Contributor

two factor authentication with Clearpass

Is it possible to do 2 factor authentication in Clearpass i.e access with user credentials as well as token based password?

Right now, I am able to do it either with user credentials or with token based password.

Guru Elite

Re: two factor authentication with Clearpass

Yes, you can use the Token Server authentication source with third party MFA solutions.  

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: two factor authentication with Clearpass

Is that just for web portal type auth requests or would it work for eap based wpa2-enterprise auths as well ?

 

Any documentation as to how to implement 2FA? 

 

Rgds

Alex

 

Guru Elite

Re: two factor authentication with Clearpass

You really don't want to get into MFA at the supplicant level using RADIUS. It's messy and is a terrible user experience.

 

You can use API-based MFA as part of an 802.1X sandwich flow. We've only tested DUO and GoVerifyID.

 

Unfortunately I haven't had a chance to write it up as there has been very little demand.


Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Super Contributor II

Re: two factor authentication with Clearpass

I've just set up a LINOTP box, primarily for our StrongSwan VPN  dev service which should provide similar functionaliy to the DUO setup.

 

A

New Contributor

Re: two factor authentication with Clearpass

I have setup OpenOtp as my Token server

I created a service in CPPM with authentication source as Openotp token server and once I enable LDAP as well as OTP for a user in token server CPPM shows rejected.

In packet capture logs I saw OpenOtp is asking for token password once LDAP password is authenticated but CPPM is not asking for token password

New Contributor

Re: two factor authentication with Clearpass

Can clearpass be configured to respond to access-challenge response from token server?? How can CPPM provide token password to the token server

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: