How can I implement Multi Factor authentication with IAM products?

Hi, I would like to implement multi factor authentication that can be made generic with all IAM products. Can anyone suggest an MFA factor like that? It shouldn't be an add-on or plug-in. Instead it should be a built-in feature. Can anyone suggest any idea?

OpenSSO has such a feature built-in. You can create an authentication chain in which you can add as many authentication mechanisms as you need.
Although it is a built-in feature, there's no full support for all sorts of authentication methods. Some of them exist as plugins, like authentication modules for smart cards and biometrics, because they are not sold by Sun Microsystems. However, there's a solution for your requirement even though you might add some auth modules as plugins like biobex, activcard or auth modules from other vendors.
Regards.

Similar Messages

  • Can you use Multi Factor Authentication server with Central NPS and RD Gateway?

    Hi,
    Does anyone have any experience getting the Azure Multi-Factor Authentication (MFA) on-premise server working with a Remote Desktop Gateway server and a centralised NPS server?  I can get a solution whereby a user can get the second token (phone call/SMS etc.) but the connection never gets established.  It looks like it's looping as it repeats the phone call/text for a second time but again no connection.  I can’t figure out why.
    All the blogs are very vague as to whether you can combine a new MFA NPS connection policy with an existing username/group membership NPS policy on a centralised NPS server (with RAP/CAP policies).
    I need to understand whether we can combine both an MFA Radius policy with a Username/Password plus group membership NPS policy together to achieve two factor authentication.
    Do you have the Remote Desktop Gateway Server connect to the Central NPS server and then the NPS server use the MFA server as its proxy server? In effect turning the NPS server into a proxy Radius server?  
    Or do you configure the Remote Desktop Gateway server to use the MFA server as the proxy Radius server, and configure the MFA server to send on Radius requests to the central NPS server?
    Or is either of these scenarios not supported and you can only use the MFA server as the only Radius server in the auth. process? (bypassing NPS policies?)
    Thanks if someone can assist,
    I’ve been using these blogs but to no successful effect:
    http://technet.microsoft.com/en-us/library/dn394287.aspx
    http://www.rdsgurus.com/uncategorized/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/
    http://dave.harris.uno/installing-and-configuring-azure-multi-factor-authentication-mfa/

    Hi Michael,
    Thank you for posting in Windows Server Forum.
    After going through your description, I can say that we can use MFA server with central NPS and RD Gateway. Also the link which you have provided points to the steps to apply. In addition you can refer to the article below.
    Configure Remote Desktop Gateway to use Multi-Factor Authentication
    Hope it helps!
    Thanks.
    Dharmesh Solanki
    TechNet Community Support

  • How can I implement multi page display

    Hi,
    I'm implementing a user interface which will display similar sets of data depending on the stage of the operation they are in.
    I thought that the tabbed control would do where I could select the tab appropriate to the operation stage but I can't find a way of controlling the tab on display.
    Is there a control that effectively displays a page of controls depending on an input state/value?
    Many Thanks
    Andy

    AndyNC wrote:
    When I placed a Tabbed Control on the front panel it doesn't give me tab control but tab output.
    Right click the tab indicator and select change to control
    AndyNC wrote:
    I'm not familiar with property nodes, can you point me to a tutorial on them.
    To write a value to a control in the same VI, it is best to use a local variable. Property nodes are best used sparingly. Most of them alter the appearance of the widget on the user interface panel, and will cause an instant switch to the UI thread. This behaviour can be managed in LabVIEW 2011 (interesting discussion)
    LabVIEW performance
    Some Benchmark checks
    AndyNC wrote:
    I have one remaining issue. The states that will control the tab control are text eg "Calibrate" and not numeric.
    I can find a way of linking the states typedef to the tab control values.
    If you create a typedef of the tab control, then all instances will have the same named pages. To add a page, alter the typedef custom control, and all instances will be updated. If you have LabVIEW 2011, a black triangle will be added to the block diagram constants to show they are typedef controls.
    - Cheers, Ed

  • Multi-Factor Authentication with Azure, need to know limitations

    Hello,
    This forum was recommended as a place to ask MFA questions.
    The manager desires all the domain admins accounts to use MFA, when used for any purpose, but especially for when these accounts are used for managing the domain, either via workstation/server login or elevation.
    Is this possible? What are the limitations?
    Please let me know.
    Thank you,
    -Bob

    On Mon, 9 Feb 2015 19:04:41 +0000, Littlebob wrote:
    This forum was recommended as a place to ask MFA questions.
    If you're asking specifically about Azure as per your subject then no, this
    isn't actually the correct forum. Post here:
    http://azure.microsoft.com/en-us/support/forums/
    This is for on-prem Windows Server. You might want to let whomever directed
    you here know that there are specific support forums for Azure.
    Paul Adare - FIM CM MVP
    "I've tried to convince many vegetarian friends that chicken are just
    fast-moving vegetables." -- Simon Cozens

  • How can I GET Creative Cloud redeem with expired product

    I would like to redeem my creative cloud
    and they are saying that it's expired
    my school is the NEW SCHOOL Parsons in New York city
    and all students are able to use creative cloud for free
    and I don't know why I cannot use it

    Contact the school to see what the status of your account is.

  • DirSync and Multi-Factor Authentication Server

    Can DirSync and Multi-Factor Authentication Server be installed on the same server?
    If so would there be any security issues?

    Hi,
    Thanks for posting here!
    There are no known caveats with it but it's not a combination we recommend for or against.
    That said, our standard guidance is to put different roles on different machines if resources are available.
    If you are running into any issues, please let us know.
    Hope this helps!
    Regards,
    Sadiqh

  • With Multi-Factor Authentication ENABLED how can a admin connect remotely to manage Office 365 with PowerShell

    With Multi-Factor Authentication ENABLED, how can an Office 365 admin connect remotely to manage Office 365 with PowerShell?
    When I key in my credentials, auth fails with invalid username and password?
    Does anyone know the procedure?

    This question was closed over a year ago. You will need to start a new question. You can post a link back here if you think it helps.
    I also recommend asking in the O365 developers forum for how to do bulk license upgrades. You can use the answer here and just remove and then add the new license.
    ¯\_(ツ)_/¯

  • How can I implement a Digital I/O counter with a maximum source frequency of 80 MHz (like 6602 board) using CompactRIO?

    How can I implement a Digital I/O counter with a maximum source frequency of 80 MHz (like 6602 board) using CompactRIO? It appears as if the Digital I/O modules for CompactRIO are much slower than this.
    Thank you,
    --Ray

    Hi Ray,
    The highest frequency input we offer for C Series modules is 20 MHz if you are doing LVTTL and 10 MHz for 5 V TTL.  These modules are the 9402 and 9401, respectively.  Unfortunately, there is no 80 MHz input on this form-factor.
    Regards,
    Chris E.
    Applications Engineer
    National Instruments
    http://www.ni.com/support

  • How can I implement Authentication in LDAP

    How can I implement Authentication in LDAP.

    Hi,
    If ur using JAAS, then use NTLoginModule in ur conf file and your own defined CallbackHandler for validating and obtaining the Subject (user connected to your domain).
    Remember the user is the one which the code obtains when u login to your Domain based machine.
    Apart from this, Apache Http Server also provides you with a popup window asking for the user's credentials when u set the SSPIDomain in the httpd.conf file.
    httpd.conf
    ========
    <Location /Seet/servlet/>
        AllowOverride None
        Order allow,deny
        Allow from all
        AuthName "seet190 auth"
        AuthType SSPI
        SSPIAuth On
        SSPIAuthoritative On
        require valid-user
        SSPIDomain seet190
    </Location>
    seet190 is the domain name
    Actually so far in the Security Forum, u might refer to some of the replies posted for more help but actual LDAP authentication can be done by passing the user's info too.
    HTH,
    Seetesh

  • How can i make multi partition in mac with windows 7

    Dear Sir/Madam
    Greetings,
    I have a MacBook Pro with
    Serial Number  C0XXXXXXXXXV16. I want to install windows 7 in my MacBook. I want to create two partitions for my data.
    How can I make multi partitions in my computer?
    Your early reply and consideration is highly appreciated.
    Regards
    Anisseh

    See the response to your second post for the same question:
    https://discussions.apple.com/thread/3563070?tstart=0

  • How can I make multi partitions in my computer with Windows 7??

    How can I make multi partitions in my MacBook with Windows 7??

    From what I read you can't. If you used Boot Camp to partition the Macintosh hard drive so you could install Win 7 on a boot camp partition you are locked into that one partition.
    If you try to RE-partition that BC partition Win 7 won't boot, and IIRC there is a possibility of OS X not booting (Not sure about that). I just went through this myself.
    That's one of the big reasons I have gone back to Win PCs as my main systems.
    Macs are OK but too restrictive in what you can do with the hardware, and the OS IMHO.

  • How can I do for ESA work with token RSA, I mean when I entry the login the authentication with RSA

    Hi there,
    How can I make ESA work with an RSA token? I mean, when I enter the login, the authentication asks me for the RSA token. Is it possible?
    Regards,

    Hello Miguel,
    RSA tokens are currently not supported for login, neither to the GUI/CLI nor for access to the spam quarantine. There is currently a feature request "Support SecurID via RADIUS" for the WSA; if you want, you can open a ticket and either have your company added to that request, or have it extended for ESA as well.
    Hope that helps,
    Andreas

  • Multi-Factor Authentication Server and OWA

    Hello,
    I am trying to implement a two factor authentication solutions for our OWA service using Multi-Factor Authentication server.
    What is the best way to accomplish that, assuming I would like the only service affected by the Multi-Factor Authentication server to be OWA?
    (without affecting the whole IIS service such as ActiveSync etc.?)

    At present, the MFA Server user enrollment is completely separate from Azure AD. If you want to use the mobile app with the MFA Server, you need to install the User Portal so that users can generate activation codes and set their MFA method to mobile app.
    Also, for users to activate their mobile apps, you have to install the Mobile App Web Service, which communicates with the MFA Server via the Web Service SDK to validate the activation code generated in the User Portal. Here are links for installing the User Portal and Mobile App Web Service.
    https://msdn.microsoft.com/en-us/library/azure/dn394290.aspx
    https://msdn.microsoft.com/en-us/library/azure/dn394277.aspx?f=255&MSPPError=-2147217396

  • Bypassing OAAM multi-factor authentication

    Hello
    In our project we found an interesting case where it is possible to bypass multi-factor authentication provided by OAM and OAAM. It can also work for a custom multi-factor login application which is integrated with OAM using the Access SDK.
    If you integrate OAM and OAAM as officially described in
    http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12052/igoam.htm#BABBJACH
    you basically have one form authentication scheme which redirects a user to OAAM when trying to access a protected resource. The user enters username/password in OAAM, which is sent to OAM using the AccessSDK and validated by the authentication scheme in OAM.
    From the point of view of OAM the authentication is completed and OAAM receives the ObSSOCookie. OAAM does not return the cookie to the user but continues with additional authentication steps such as secret questions, fingerprints, etc. If all goes well OAAM returns the ObSSOCookie to the user and he is able to access the protected resource.
    The bypass:
    OAM has a nice feature (I call it security bug) which allows a user to add authentication credentials as parameters to the URL when accessing a resource. E.g. a user accessing a protected resource such as app.domain.com can simply enter https://app.domain.com?username=xxx&password=xxx and is automatically authenticated provided the username/password parameters and values are correct. By automatically authenticated I mean that there is no redirection to the login form. The authentication credentials are passed by OAM internally to the authentication scheme. There is no post action being sent and intercepted.
    Why is this bad? If you are using OAAM as a multi-factor login application, passing username/password as URL parameters will not involve OAAM at all. From the point of view of OAM a user is authenticated and there is no need to challenge him with OAAM. No matter what additional authentication factors are configured for OAAM, the authentication process is reduced to one factor (username/password).
    Any thoughts on this? I am mostly interested in ideas and approaches to fix this issue.
    Regards, Donat

    Hello Steve
    Bypassing OAAM works with the latest 10g release of OAAM and OAM and the architecture described in the Oracle documentation
    http://download.oracle.com/docs/cd/E12057_01/doc.1014/e12052/igoam.htm#BABBJACH
    Any thoughts on this issue?
    Regards,
    Donat
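
One compensating control for the behaviour described in this thread, as an added example that is not part of the original posts and is not Oracle code: find (or refuse) requests that carry login credentials in the query string, using the same check over an access log or in a filter in front of the access gateway. The parameter names `username` and `password` come from the post's example URL; the log format, paths and sample lines are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Names from the post's example URL; extend to match your login form fields.
CREDENTIAL_PARAMS = {"username", "password"}

# Request part of an Apache-style access log line (format is an assumption).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def credential_params_in(target):
    """Return sorted credential parameter names found in the URL query.

    parse_qsl percent-decodes names, so 'user%6Eame' is still caught, and the
    comparison is case-insensitive.
    """
    query = urlsplit(target).query
    names = {n.lower() for n, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names & CREDENTIAL_PARAMS)


def redact(target):
    """Replace credential values so the finding can be stored or alerted on."""
    parts = urlsplit(target)
    pairs = [
        (n, "REDACTED" if n.lower() in CREDENTIAL_PARAMS else v)
        for n, v in parse_qsl(parts.query, keep_blank_values=True)
    ]
    return urlunsplit(parts._replace(query=urlencode(pairs)))


def scan_access_log(lines):
    """Return (method, redacted_target, params) for each request with URL credentials."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        found = credential_params_in(match["target"])
        if found:
            hits.append((match["method"], redact(match["target"]), found))
    return hits


# Constructed sample lines, not taken from any real system.
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /app/home HTTP/1.1" 302 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /app/home?username=alice&password=s3cret HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /app/home?User%6Eame=bob&lang=en HTTP/1.1" 200 512',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "POST /oaam/login HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for method, target, params in scan_access_log(SAMPLE_LOG):
        print(method, target, params)
```

A hit that was answered with a 200 rather than a redirect to the login application is the case the thread describes; the hit also means a password was written to the access log and should be rotated.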

  • How Can I get multi column values from dynamic search help?

    Hi Gurus;
    I'm using dynamic search help in my program.
    I want to get multi column values from search help. But I don't know a solution for this issue.
    I'm using F4IF_INT_TABLE_VALUE_REQUEST FM.
    How Can I get multi column values from dynamic search help?
    Thanks.

    Believe it or not, the same FM worked for me in a dynpro. I will try to explain here how it works in custom screen and then you can do your work for other screens or program types. I am not going to write my actual work but will explain in general.
    I have 4 fields (FLD1, FLD2, FLD3, FLD4) and i made the search based on FLD2 and when user click on a line (could be any field), then this would bring the line on to the screens.
    There are like 3 steps.
    You have your value_tab for my fields FLD1, FLD2, FLD3 and FLD4. This is just the data that we pass into the FM. (data: IT_VALTAB type table of ZVAL_TABLE)
    Next map the screen fields into an internal table (data: It_dynpfld type table of dselc ). I also have other internal tables defined  (just to keep it straight, i will be putting here) data:  It_return type standard table of ddshretval.
    Next step is to call the function module. Make sure you have values in IT_VALTAB.
    call function 'F4IF_INT_TABLE_VALUE_REQUEST'
      exporting
        retfield        = 'FLD2'
        value_org       = 'S'
      tables
        value_tab       = It_VALTAB
        return_tab      = It_return
        dynpfld_mapping = It_dynpfld
      exceptions
        parameter_error = 1
        no_values_found = 2
        others          = 3.
    if sy-subrc <> 0.
      message id sy-msgid type sy-msgty number sy-msgno
              with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
    else.
      perform get_selected_fields tables It_return.
    endif.
    The code within the perform GET_SELECTED_FIELDS - We need to map the result fields after the user selects it. The code goes like this. This step is to update the dynpro fields.
    I need an internal table as well as a work area here, like,
    data: lt_fields type table of dynpread,
            la_fields type dynpread.
      field-symbols: <fs_return> type ddshretval.
    so fill out LT_FIELDS from the IT_RETURN table
    loop at lt_return assigning <fs_return>.
        la_fields-fieldname = <fs_return>-retfield.
        la_fields-fieldvalue = <fs_return>-fieldval.
        append la_fields to lt_fields.
        clear: la_fields.
      endloop.
    Call the FM to update the dynpro
    call function 'DYNP_VALUES_UPDATE'
        exporting
          dyname               = sy-repid
          dynumb               = '1002' "This is my screen number. You could use 1000 for selection screen (hope so)
        tables
          dynpfields           = lt_fields
        exceptions
          invalid_abapworkarea = 1
          invalid_dynprofield  = 2
          invalid_dynproname   = 3
          invalid_dynpronummer = 4
          invalid_request      = 5
          no_fielddescription  = 6
          undefind_error       = 7
          others               = 8.
      if sy-subrc <> 0.
        message id sy-msgid type sy-msgty number sy-msgno
                with sy-msgv1 sy-msgv2 sy-msgv3 sy-msgv4.
      endif.
    good luck
