Security

Is it possible to do 2 factor authentication in Clearpass i.e access with user credentials as well as token based password?

Right now, I am able to do it either with user credentials or with token based password.

Is that just for web portal type auth requests or would it work for eap based wpa2-enterprise auths as well ?

Any documentation as to how to implement 2FA? 

Rgds

Alex

You really don't want to get into MFA at the supplicant level using RADIUS. It's messy and is a terrible user experience.

You can use API-based MFA as part of an 802.1X sandwich flow. We've only tested DUO and GoVerifyID.

Unfortunately I haven't had a chance to write it up as there has been very little demand.

I've just set up a LINOTP box, primarily for our StrongSwan VPN  dev service which should provide similar functionaliy to the DUO setup.

A

I need to setup a demo of ClearPass with Imageware biometric authentication, but without documentation, it seems I can't join the dots of the configuration steps. Anyone to help on this?

I have setup OpenOtp as my Token server

I created a service in CPPM with authentication source as Openotp token server and once I enable LDAP as well as OTP for a user in token server CPPM shows rejected.

In packet capture logs I saw OpenOtp is asking for token password once LDAP password is authenticated but CPPM is not asking for token password

Can clearpass be configured to respond to access-challenge response from token server?? How can CPPM provide token password to the token server