topic ACS5.1 and OTP in Network Access Control

ACS5.1 and OTP

Si — Mon, 11 Mar 2019 01:08:54 GMT

Does anyone have a quick overview of how to setup how to communicate with ACS5.1 using an OTP server?

I want the user to be authenicated in AD then send out the OTP if credentials are correct.

Thanks

ACS5.1 and OTP

Si — Mon, 04 Jul 2011 16:01:58 GMT

thanks in Advance

ACS5.1 and OTP

Nicolas Darchis — Tue, 05 Jul 2011 06:50:20 GMT

What is your OTP server ? Does it act as a radius server ?

If so you can configure an external radius store in ACS.

I would then advise to configure an identity sequence in ACS that would check the OTP server for authetnication and then put AD in the "extra attribute retrieval store" to retrieve user groups and properties.

ACS5.1 and OTP

Si — Tue, 05 Jul 2011 07:09:50 GMT

the OTP is the Nordic Edge Server, which i believe is radius.

I think im just struggling to put the Access Service and Rule selection together properly.

Thanks

ACS5.1 and OTP

Nicolas Darchis — Tue, 05 Jul 2011 07:16:27 GMT

What you want to achieve changes nothing to the access service and rule selection.

Just create an identity store sequence that authenticates against OTP but fetches the attributes found in AD.

ACS5.1 and OTP

Si — Thu, 07 Jul 2011 12:58:46 GMT

Is it possible to check the AD first then check the OTP if in that group?

At the minute the OTP will get sent to anyone, then get denied by the AD afterwards.

Thanks

ACS5.1 and OTP

Nicolas Darchis — Thu, 07 Jul 2011 13:09:24 GMT

There is an authenticating server and an attribute retrieval server.

You can't retrieve AD attributes first because the guy is not authenticated yet.

And you can't store attributes on the OTP server either right ?

The problem is that your password is on OTP only so it's OTP authenticating and not AD, so OTP has to be first.

ACS5.1 and OTP

Si — Thu, 07 Jul 2011 14:49:50 GMT

OK thanks for clearing that up. We'd like to stop the OTP being sent out to invalid users.