i have a scenario where the requirement is to integrate the ISE device with SMSpasscode device which will trigger the OTP to the mobile devices
Currently i have my authentication configured to work with the AD
When my VPN users connects its authenticates against AD and the users get the access .
Now as per the new requirement once the user is authenticate against AD , the user should be prompted for the OTP password send to the users using SMS passcode device
Anyone had worked on similar requirement please help me to resolve the issue .
Thanks in advance
SMS PASSCODE and Cisco ISE can live together. i do not know if you have a Cisco ASA in front of this scenario, but just in case, then i have a Cisco ASA Quick guide that i have attached.
The Cisco ISE can be used a and forward the request to the NPS server with SMS PASSCODE Radius Client protection installed.
If the Cisco ISE authenticates the Username and password, then you can forward the request to the NPS, and specify in the SMS PASSCODE Configuration tool, that it should skip Password validation for the radius client. Please make 100 % sure that the authentication is taken place at the Cisco ISE, before implementing this.
The SMS PASSCODE Radius client protection installation and configuration is included in the SMS PASSCODE Administrators guide, that you can find in the software package.
I hope this can help you.
I am working exactly for a month on this topic with no success.
I need to integrate VASCO OTP solution. But VASCO do not support any external authentication backend for virtual/SMS token. Only passcode or local authentication.
I need to implement an external authentication against LDAP somewhere...
Gunnar, do CISCO clearly says it is not able to participate to such setup?
So, my need would be to be able to insert in the flow an authentication in ISE against the LDAP.
The flow is:
WebApplication send login+password (LDAP) to ISE
ISE checks the credentials and if it is OK forward the request to VASCO
VASCO does not check for password but generate the OTP and send it via SMS
VASCO replies with a access-challenge
ISE forward the challenge to Web Application
WebApplication send login+OTP response to ISE
ISE forward to VASCO
VASCO checks for OTP and replies to ISE with accept
ISE forward to Web Application
User is logged in...
All the flow is working if the user enters a passcode
I would like to implement a Identity source sequences where the user is checked again all the entries not the first match
First LDAP then VASCO...
I am sorry, but i do not know anything about Vasco, so i can´t help you with that. I Work with SMS PASSCODE and that will work using Radius.
Hope you will get it to work.
I now that this is an old thread but the issue didn't disappeared :)
Did you got SMS Passcode to work with ACS and the ASA?
ASA -- > ACS --> SMS Passcode