06-08-2011 07:27 AM - edited 03-10-2019 06:08 PM
Does anyone have a quick overview of how to set up communication with ACS5.1 using an OTP server?
I want the user to be authenticated in AD then send out the OTP if credentials are correct.
Thanks
Si
07-04-2011 09:01 AM
Thanks in advance
07-04-2011 11:50 PM
What is your OTP server? Does it act as a RADIUS server?
If so, you can configure an external RADIUS store in ACS.
I would then advise configuring an identity sequence in ACS that would check the OTP server for authentication and then put AD in the "extra attribute retrieval store" to retrieve user groups and properties.
07-05-2011 12:09 AM
The OTP is the Nordic Edge Server, which I believe is RADIUS.
I think I'm just struggling to put the Access Service and Rule selection together properly.
Thanks
S
07-05-2011 12:16 AM
What you want to achieve changes nothing about the access service and rule selection.
Just create an identity store sequence that authenticates against OTP but fetches the attributes found in AD.
07-07-2011 05:58 AM
Is it possible to check the AD first, then check the OTP if in that group?
At the minute the OTP will get sent to anyone, then get denied by the AD afterwards.
Thanks
S
07-07-2011 06:09 AM
There is an authenticating server and an attribute retrieval server.
You can't retrieve AD attributes first because the guy is not authenticated yet.
And you can't store attributes on the OTP server either, right?
The problem is that your password is on OTP only, so it's OTP authenticating and not AD, so OTP has to be first.
07-07-2011 07:49 AM
OK, thanks for clearing that up. We'd like to stop the OTP being sent out to invalid users.
S