2 Factor Authentication with a CLI XMPP client

Similar Messages

• How can I implement  Multi Factor authentication with IAM products?

  Hi I would like to implement multi factor authentication that can be made generic with all IAM produts. Can anyone suggest an MFA factor like that? It shudnt be an add on or plug in. Instead it should be an in built feature. Can anyone suggest any idea?

  Opensso has such feature built-in. You can create an authentication chain in which you can add as many authentication mechanisms as you need.
  Although it is a built-in feature, there's no full support for all sorts of authentication methods. Some of them exist as plugins, like authentication modules for smart cards and biometrics because they are not sold by Sun Microsystems. However, there's a solution for you requrement even tough you might add some auth modules as plugins like biobex, activcard or auth modules from other vendors.
  Regards.

• Multi-Factor Authentication with Azure, need to know limitations

  Hello,
  This forum was recommended as a place to ask MFA questions.
  The manager desires all the domain admins accounts to use MFA, when used for any purpose, but especially for when these accounts are used for managing the domain, either via workstation/server login or elevation.
  Is these possible? What are the limitations?
  Please let me know.
  Thank you,
  -Bob

  On Mon, 9 Feb 2015 19:04:41 +0000, Littlebob wrote:
  This forum was recommended as a place to ask MFA questions.
  If you're asking specifically about Azure as per your subject then no, this
  isn't actually the correct forum. Post here:
  http://azure.microsoft.com/en-us/support/forums/
  This is for on-prem Windows Server. You might want to let whomever directed
  you here know that there are specific support forums for Azure.
  Paul Adare - FIM CM MVP
  "I've tried to convince many vegetarian friends that chicken are just
  fast-moving vegetables." -- Simon Cozens

• Network Policy Server Two-factor authentication OTP

  Hello,
  I don't have much knowledge about the Network Policy Server so before digging into this; I would like to know if it offers two-factor authentication. If so, what are the possibilites? I'm looking for a validation based on a one-time password OTP (hardware/software
  token or sms) and  the Active Directory user/pwd.
  Is there anything builtin in the Network Policy Server offering this?
  Thank you!

  Hi,
  NPS supports smart card.
  Two-factor authentication provides improved security because it requires the user to meet two authentication criteria: a user name/password combination and a token or certificate.
  A typical example of two-factor authentication with a certificate is the use of a smart card.
  To use smart cards for remote access authentication, we may do the following:
  Configure remote access on the remote access server.
  Install a computer certificate on the remote access server computer.
  Configure the Smart card or other certificate (TLS) EAP type in remote access policies.
  Enable smart card authentication on the dial-up or VPN connection on the remote access client.
  For detailed information, please refer to the link below,
  Using smart cards for remote access
  http://technet.microsoft.com/en-us/library/cc783310(v=WS.10).aspx
  Best Regards.
  Steven Lee
  TechNet Community Support

• What is the best practices to apply two factor authentication on on-premise Exchange 2013 Environment ?

  Hi, Everyone
  i want to know what is the requirements to apply two factor authentication in Exchange 2013, Through Mobile or SMS.
  what is the third party solutions of Microsoft solutions

  Hi,
  If we can deploy Active Directory Federation Services (AD FS) 2.0, it means that Outlook Web App and EAC in Exchange 2013 SP1 can support multifactor authentication methods, such as certificate-based authentication, authentication or security tokens, and
  fingerprint authentication.
  Additional, we can use TMG or Microsoft UAG to deploy MFA, please refer to:
  https://social.technet.microsoft.com/Forums/exchange/en-US/f355ffbd-7d03-45d8-b4b1-987b2db5eadf/is-there-a-way-to-do-two-factor-authentication-with-outlook-web-app-2010?forum=exchangesvrgenerallegacy
  Best Regards,
  Allen Wang

• Apple mail and google 2 factor authentication

  I am using 2 factor authentication to connect with gmail. I receive messages without a problem, but when I try to send mail I frequently get a cannot connect error asking for the password to be re-entered. I will then get a new application specific password for gmail and replace the SMTP password. That will work for a day or two, but then it will again fail for sending messages.
  Does anyone know if there are particular problems using 2 factor authentication with gmail and OSX mountain lion mail> Am I missing some setting?
  thanks for any insights.

  I had looked there several times - and it didn't specifically discuss 2 factor authentication - that is why I posted my question. I had followed instructions and continued with problems.
  Yesterday there was a Macworld article posted online about gmail imap. One thing mentioned in the article that is in addition to what is on the google site is that under system preferences there is a mail contacts panel where the gmail password can also be entered.
  I generated a new app specific password and entered it in all three places (sys pref panel, imap server, and smtp server.)
  At this time that seems to be working.
  Will have to see if it sticks.
  Google also had a help item suggesting that if the ask for password dialog pops up when attempting to send mail then get a new app specific password and enter it into that box.
  Hopefully the issue is resolved. will give it a few days to be sure.
  Thanks

• Second factor authentication via mail

  hello
  I would like to know whether it is possible with NW SSO to send an automated mail with a randomly generated code as part of the 2 factor authentication scheme
  thanks in advance and best regards
  Michele

  Hello Michele,
  The solution is available as part of the two-factor authentication with OTP (SAP Single Sign-On 2.0) and requires an access policy development. See more details about access policies as part of the SAP Single Sign-On 2.0 here:Access Policies Implementation Guide - SAP Library
  Best regards,
  Donka Dimtirova

• Is ASA integration with ISE and RSA for 2 factor authentication a valid/tested design

  Hi,
  Customer currently uses ASA to directly integrate with RSA kind of solution to provide 2 factor authentication mechanism for VPN user access.  We're considering to introduce ISE to this picture, and to offload posture analysis from ASA to ISE.  And the flow we're thinking is to have ASA interface to ISE and ISE interface to RSA and AD backend infrastructure.  And we still need the 2 factor authentication to work, i.e., customer gets a SMS code in addition to its login username and password.  I'm wondering if ASA/ISE/RSA/AD integrated solution (and with 2 factor authentication to work) is a tested solution or Cisco validate design?  Any potential issue may break the flow?
  Thanks in advance for any input!
  Tina

  Hi,
  I have an update for this quite broad question.
  I have now came a bit further on the path.
  Now the needed Radius Access Attribute are available in ISE after adding them in
  "Policy Elements" -> "Dictionaris" -> "System" -> "Radius" -> "Cisco-VPN3000".
  I added both the attribute 146 Tunnel-Group-Name which I realy need to achive what I want(select diffrent OTP-backends depending on Tunnel Group in ASA) and the other new attribute 150 Client-Type which could be intresting to look at as well.
  Here the "Diagnostics Tools" -> "Generel tools" -> "TCP Dump" and Wireshare helped me understand how this worked.
  With that I could really see the attributes in the radius access requests going in to the ASA.
  Now looking at a request in "Radius Authentication details" I have
  Other Attributes:
  ConfigVersionId=29,Device Port=1025,DestinationPort=1812,RadiusPacketType=AccessRequest,Protocol=Radius,CVPN3000/ASA/PIX7.x-Tunnel-Group-Name=SMHI-TG-RA-ISESMS,CVPN3000/ASA/PIX7.x-Client-Type=,CPMSessionID=ac100865000006294FD60A7F,.....
  Ok, the tunnel group name attribute seems to be understood correct, but Client-Type just say =, no value for that.
  That is strange, I must have defined that wrong(?), but lets leave that for now, I do not really need it for the moment being.
  So now when I have this Tunnel-Group-Name attribute available I want to use it in my Rule-Based Authentication Policy.
  Problem now is that as soon as I in an expression add a criteria containing Cisco-VPN3000:CVPN3000/ASA/PIX7.x-Tunnel-Group-Name matches .* (just anything), then that row does not match any more. It still work matching against NAS-IP and other attributes.
  What could it be I have missed?
  Best regards
  /Mattias

• Having trouble with Google 2 factor authentication and Mac Calendar

  Hello!  I recently started using Google 2-factor authentication on my Google Apps (Pro) account, and have successfully configured my gmail settings in OS X Mail so that inbound/outbound work correctly.  Here's where the problem is:  OS X uses a single password in the system account settings for calendar/contacts/notes, etc, so enter the login/password once and check the boxes for what services you want to use. But Google sees these as distinctly different apps, so when I enter an app-specific password, it only registers for one (i.e.:  contacts), but not for another or the rest of them (like calendar).  Has anyone had experience in setting this up? How can you get app-specific passwords to work with the rest of the OS X system applications besides mail?
  Thank you!

  Unfortunately, I already tried this several times prior to posting here.  The system won't let me add the same account more than once, and continues to prompt me for a password multiple times for each service.

• Visual Studio 2013 Community Azure Login Not Working with Two-factor Authentication

  Has anybody had any problems logging in to Azure to publish when using Visual Studio 2013 Community and with two-factor authentication turned on?
  I couldn't log on until I turned off two-factor authentication.
  Regards

  Hello John,
  Thanks for posting here!
  You can try and set a credential helper like
  git-credential-winstore in order to cache your credentials. See if that helps.
  Couple of questions here:
  1) Are you using a MSA account by any chance?
  2) When you turn on two-factor authentication, do you get any error message?
  3) Did you try with different browsers?
  Looking forward to your response!
  Regards,
  Sadiqh

• Integrated Windows Authentication with a WebSphere Cliente

  Hi all,
  I need to write a web service client that connects to a .NET Web Service that is configured to use Integrated Windows Authentication (NTLM).
  I'm using the IBM WebSphere Runtime environment for the client and using the web service client wizard in the RSD 6.0.1.
  When I try to call a method in the .NET web service, I get the error shown below. If I configure the .NET web service to permit Anonymous Access, my client works fine.
  Does anybody know if the WebSphere web services engine supports Integrated Windows Authentication? If so, how can I configure my cliente to pass my credentials? Do people use this type of authentication if the web service will be called by non Windows clientes or is it better to use Basic Authentication with HTTPS or digital certificates?
  I've read that Apache Axis can be configured to use integrated windows authentication (http://people.etango.com/~markm/archives/2005/11/21/using_apache_axis_with_integrated_windows_security.html) by using a different HTTP transport class (CommonsHTTPSender).
  Thanks in advance!
  Craig
  [14/06/06 10:06:56:805 GMT-03:00] 00000031 enterprise I WSWS3243I: Info: Mapping Exception to WebServicesFault.
  [14/06/06 10:06:56:821 GMT-03:00] 00000031 enterprise I TRAS0014I: The following exception was logged WebServicesFault
  faultCode: {http://schemas.xmlsoap.org/soap/envelope/}Server.generalException
  faultString: java.lang.StringIndexOutOfBoundsException
  faultActor: null
  faultDetail:
  java.lang.StringIndexOutOfBoundsException
       at com.ibm.ws.webservices.engine.WebServicesFault.makeFault(WebServicesFault.java:179)
       at com.ibm.ws.webservices.engine.transport.http.HTTPSender.invoke(HTTPSender.java:490)
       at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:218)
       at com.ibm.ws.webservices.engine.PivotHandlerWrapper.invoke(PivotHandlerWrapper.java:218)
       at com.ibm.ws.webservices.engine.WebServicesEngine.invoke(WebServicesEngine.java:274)
       at com.ibm.ws.webservices.engine.client.Connection.invokeEngine

  Here's a project ( [http://spnego.sourceforge.net/protected_soap_service.html|http://spnego.sourceforge.net/protected_soap_service.html] ) that shows how to write a soap client that can connect to a soap web service with integrated windows authentication turned on.

• Trouble with iCloud 2 factor authentication in outlook app

  I am using 2 factor authentication on my iCloud account.  I recently downloaded and setup Microsoft's new outlook app on my iPhone and iPad.  I find it very useful for what I like to do.  I added all of my email accounts as well as dropbox and other things with no issue (gmail, outlook, and dropbox have 2 factor enabled as well).  I generated a passcode for iCloud on the 'manage apple ID' site.  I inputted it into the iPhone first and it worked like a charm. Then, however, I did the same thing on my iPad. Initially, I generated a new passcode, and used that for the iPad.  It worked, but then when I used the iPhone I got the message "We are having trouble accessing your account.  Please login again."  And it brings up the window to put in the passcode.  I thought it might work if I used the same password for both the iPad and iPhone but the same thing happens.  As soon as I put a passcode in one the other stops working.
  Some more details in case it is relevant.  I use outlook on the PC as well (also uses generated iCloud passcode), and it is unaffected.  As I said, I use other accounts with 2 factor, and they all work fine on both the iPad and iPhone in the same app.  I am using an iPhone 6 Plus and a 4th Gen iPad, both running iOS 8.1.3.  I am nowhere near the maximum generated app passwords under iCloud.  I am receiving an email each time I generate a passcode and it shows up in my history.  I am giving the passcodes different names.

  Hi,
  You'll have to create an App-specific password to work around this.
  Go to:   https://appleid.apple.com/account/home
  Select: Manage your Apple ID
  Log in with your credentials and if applicable your Verification Code
  Select: Password and Security
  Select: Generate an App-Specific password
  You'll have to give the app a name. You can use the generated password for Outlook. You can use the same password on all of your iDevices that has Outlook for iOS if applicable.
  Have fun
  Lennard

• Can you use Multi Factor Authentication server with Central NPS and RD Gateway?

  Hi,
  Does anyone have any experience getting the Azure Multi-Factor Authentication (MFA) on-premise server, working with a Remote Desktop Gateway server, and a centralised NPS server?  I can get a solution whereby a user can get the second token (phone call/sms
  etc.) but the connection never gets established.  It looks like its looping as it repeats the phone call/text for a second time but again no connection.  I can’t figure out why.
  All the blogs are very vague as to whether you can combine a new MFA NPS connection policy with an existing username/group membership NPS policy on a centralised NPS server (with RAP/CAP policies).
  I need to understand whether we can combine both an MFA Radius policy with a Username/Password plus group membership NPS policy together to achieve two factor authentication.
  Do you have the Remote Desktop Gateway Server connect to the Central NPS server and then the NPS server use the MFA server as its proxy server? In effect turning the NPS server into a proxy Radius server?  
  Or do you configure the Remote Desktop Gateway server to use the MFA server as the proxy Radius server, and configure the MFA server to send on Radius requests to the central NPS server?
  Or either of these scenarios not supported and you can only use the MFA server as the only Radius server in the auth. process? (bypassing NPS policies?)
  Thanks if someone can assist,
  I’ve been using these blogs but to no successful effect:
  http://technet.microsoft.com/en-us/library/dn394287.aspx
  http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/
  http://dave.harris.uno/installing-and-configuring-azure-multi-factor-authentication-mfa/

  Hi Michael,
  Thank you for posting in Windows Server Forum.
  After going through your description, I can say that we can use MFA server with central NPS and RD Gateway. Also the link which you have provided points the step to apply. In addition you can refer below article.
  Configure Remote Desktop Gateway to use Multi-Factor AuthenticationConfigure Remote Desktop Gateway to use Multi-Factor Authentication 
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support

• I don't get SMS messages with the code from Apple with two factor authentication

  As soon as Apple enabled two factor authentication in Mexico, I activated the feature. For some time everything worked well. When iOS 8 was launched, I started updating my devices. I was able to update an iPad Air as well as my iPhone 5 (which is the device used for verification). However, when I tried to update my iPad mini, I couldn't. I stopped receiving SMS messages from Apple with the code for verification. Now I am stuck with an iPad mini that I cannot use with my Apple ID and I cannot use iCloud on my brand new iPhone 6 (anticipating the problem, I backed up my iPhone 5 with iTunes and I am up and running, but with no iTunes match and no iCloud backup).
  I have spent time on the phone with Apple support, who promised to return my call with a solution, but they never called back.
  Just a final note. I do not have the recovery key. I trusted Apple and never thought I would need it. The fact is I still think it is Apple's problem because the SMS messages should get to my phone, and they don't. I do not really care losing my iCloud Backups or my photos (I have them all backed up elsewhere) but I don't want to lose my e-mail address (a .mac domain) nor my purchases.

  I sent a message to that person. He replied, but I didn't get anything. To make it even more puzzling, I asked him to cc to my wife and she got his message. Then I asked her to forward it to me, and again I didn't get anything. Next, I  found an old message from that guy and forwarded it to myself. Same effect - the message disappears, although the "sent" folder has a copy!

• Vmware horizon radius integration with two factor authentication

  -1 down vote  favorite
  I have deployed vmware horizon view connection server (Evaluation/Trial version), i want to integrate it with two factor authentication server. But after configuring RADIUS parameters in admin portal of connection server, it’s not allowing me to save the settings. Please suggest.
  I have attached the snap for your reference.

  The SMTP server supports what is referred to as third party authentication. To take advantage of this you would need to provide all of the authentication code, however -- there's no way to do part of the authentication and then pass control back to the messaging server for the rest. So you'd need to do both password checks, one of which is presumably done via LDAP auth, yourself.
  As far as LDAP proxy and RADIUS, we use a standard LDAP simple bind. The ODSEE LDAP proxy is often used in OCMS deployments, so that is a known good solution. We don't directly support RADIUS; the aforementioned third party authentication could be used to tie into such a system.
  - Jeff