The second part is adapting the Web Interface to enable SMS token authentication, which is fairly simple. After setting the SMS parameters, among others for the SMS gateway (developed for use with an online SMS gateway), the configuration is complete and logon with an SMS token can take place.
|
OTP Written by Guest on 2007-07-11 12:03:26 Looks nice. But how is this OTP that gets sent created? I am unable to find anything on the site, and it looks like the forum died too. Basically I am wondering how secure it is.
|
OTP Written by Guest on 2007-07-19 20:43:58 The one-time password (OTP) is created by the function GenerateCode in the sms_include.aspx file. The function GenerateCode just creates a random 6-digit code. This code is then stored in AD and sent to the user.
|
Other SMS gateway Written by rautsi on 2007-08-29 12:09:55 Hi, is there any way to configure this app to use another SMS gateway? We have an internal SMS gateway that we can use to send SMS through a web page, command line or mail.
|
Written by Guest on 2008-03-10 16:07:50 Does it mean you can remove all the VASCO middleware software ...?
|
destro Written by Guest on 2008-05-05 17:12:10 Is there a way to implement this for OWA or remoteweb places?
|
Wildcat Written by Guest on 2008-08-13 12:09:07 What happens if there is an SMS delay? How do you handle events such as this? Also, if the passcode is stored in AD, how is it protected, or can it be viewed with an LDAP browser?
|
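Added example (not code from the project or from any poster in this thread), relating to the 6-digit code described above and the questions about SMS delay and reading the stored code over LDAP: one way such a code could be generated, stored and checked so that the directory attribute does not reveal it and a late SMS is bounded by an explicit validity window. All names, the 5-minute window, the attempt cap and the server-side key are assumptions; the project's actual GenerateCode is not shown on this page.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6        # the thread states a 6-digit code
VALID_SECONDS = 300    # assumed window that tolerates a delayed SMS
MAX_ATTEMPTS = 3       # assumed cap: 10**6 values are guessable without one


def generate_code():
    """Draw the code from the OS CSPRNG, keeping leading zeros."""
    return f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"


def make_record(server_key, code, now=None):
    """Build the value to store in place of the plain code.

    server_key is a hypothetical secret held only on the web server, so a
    directory reader sees a salt and a MAC but cannot test guesses offline.
    """
    now = time.time() if now is None else now
    salt = secrets.token_bytes(16)
    mac = hmac.new(server_key, salt + code.encode(), hashlib.sha256).digest()
    return {"salt": salt, "mac": mac, "expires": now + VALID_SECONDS,
            "attempts": 0, "used": False}


def verify(server_key, record, candidate, now=None):
    """Accept a code once, inside its window, within the attempt cap."""
    now = time.time() if now is None else now
    if record["used"] or now > record["expires"]:
        return False
    if record["attempts"] >= MAX_ATTEMPTS:
        return False
    record["attempts"] += 1  # count before comparing so failures are charged
    mac = hmac.new(server_key, record["salt"] + candidate.encode(),
                   hashlib.sha256).digest()
    if hmac.compare_digest(mac, record["mac"]):
        record["used"] = True
        return True
    return False


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # constructed sample key
    rec = make_record(key, generate_code())
    print(sorted(rec))                     # fields stored; no plain code
```
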
Update Written by Guest on 2009-02-02 11:48:46 Is there an update on this, i.e. a version for Web Interface 5?
|
WI 5.1 Written by Guest on 2009-04-20 15:59:06 Update available for WI 5.1?
|
It does not work with WI / CSG / XENAPP 5 Written by Guest on 2009-05-19 11:59:07 I tested it with WI 5 but it did not work. The portal said on the main page: "Configuration du système non valide La configuration du système est soit incorrecte soit indisponible. Veuillez nous excuser pour ce désagrément. L'erreur est de nature temporaire. Essayez de vous reconnecter et si le problème persiste, contactez votre administrateur système. " We really need this feature under the latest versions of WI and CSG. And the http://www.isager.dk/ site does not respond. Anyone here?
|
Too bad! Written by Guest on 2009-08-20 16:43:15 Looked promising but it seems it's hardcoded to use clickatell.com. I guess they funded development or something?
|
Like to see a version to send code by e-m Written by Guest on 2009-12-02 13:20:52 Hi, I would like to see a version that would send the code by e-mail.
|
Written by wizdom on 2010-04-29 19:22:40 Tried it today on a WebInterface 5.2 and it doesn't work: "Invalid System Configuration The system configuration is invalid or unavailable. We apologize for any inconvenience. The error may only be temporary. Try reconnecting and, if the problem persists, contact your system administrator. " After looking at the Windows Events: "Site path: c:\inetpub\wwwroot\Citrix\XenApp. The message key 2FactorConfigError does not correspond to a valid event ID. Check that the event ID file has a valid entry for 2FactorConfigError. The event ID must be an integer between 1 and 65535. [Unique Log ID: c5a04aba] "
|
Fix Written by Claus Isager on 2010-05-04 08:18:10 Hi. There is a file missing in the zip file. Create a new file in the \auth\smscode.aspx (same folder where safeword.aspx is located) insert I will send a new file to Thomas asap
|
File missing Written by Guest on 2010-05-03 11:01:23 Hi. A file is missing in the zip file. I have sent a new version to Thomas. To fix this: 1. Make a copy of safeword.aspx (in auth folder) 2. Rename to smscode.aspx 3. Edit smscode.aspx and replace Safeword with smscode 4. Save
|
Patch is working Written by wizdom on 2010-05-04 00:02:07 I tried the new version tonight on my Web Interface 5.3 and now the authentication page is not crashing anymore. Nice. But still, I don't understand how this can work: the login page asks for username + password + passcode (the page is "login.aspx"). But how can you have a passcode before the email (or SMS) is sent to you?
|
Passcode Written by wizdom on 2010-05-04 00:24:20 I just understood that the needed passcode is in fact the PIN code defined in the SMS TOKEN tab in Active Directory. Anyway, it still tells me that my authentication is wrong although I'm sure of all my credentials (it works well if I come back to a classical login+password authentication mode). When checking the "User must change PIN at next logon" box, my PIN code is accepted at the logon page, a new page is coming and asking me for changing the PIN code. I type a new PIN code twice but I got an error message when validating that my PIN code couldn't be updated.
|
Resolve domain Written by Claus Isager on 2010-05-04 09:18:36 Please check that your Web Interface can resolve the domain. On the Web Interface check that you can ping your domain, e.g. test.lan, and be sure that port 389 TCP is open between the WI and your AD servers.
|
Not a domain issue Written by wizdom on 2010-05-04 18:14:19 Well, I'm 100% sure this is not a domain issue because: a) there's no firewall between WI and Domain Controller b) there's a second XenApp website on the same WI, without 2-factor auth, and this one works (with the same user credentials, except passcode of course). c) when the user must change PIN at next logon, he's correctly redirected to CHANGE_PIN.ASPX (but he cannot change it, see above). He's not redirected if his password is incorrect. So the password can clearly be checked by the WI. Obviously the PIN code cannot. I'm trying with different users, with passcodes as easy as "1234" or "abcd", and always get the same issue. All servers are running the English version of Windows 2003 SP2. Is there any way to trace something during the auth phase?
|
Permissions Written by Claus Isager on 2010-05-05 08:17:43 Does it make any difference if the user is a Domain Admin? SMS token makes use of the field primaryTelexnumber on a user object. Try starting adsiedit.msc (included in support tools) and look at the advanced permissions for the user. The user (SELF) should have r/w permissions for "Personal informations" (default setting).
|
Move to forum Written by wizdom on 2010-05-07 13:56:13 Following the discussion here: http://www.thomaskoetzing.de/index.php?option=com_smf&Itemid=178&topic=3519.0
|
SMS/EMAIL Token for AD 2008 x64 Written by Guest on 2010-06-14 12:59:57 Hi Forum, I have the system in use. I use the SMS function. Now I would use this on my AD 2008 x64. Unfortunately the regsvr32 jobs didn't work on x64. Are x64 files available? Regards - Sven
|
Not sending email Written by Guest on 2010-07-22 14:00:41 While within the lab the mail function works fine, within the DMZ I can only see the HTTP GET to api.clickatell.com. There are no SMTP packets. But I am able to use telnet from the WI with port 25 to access the mail server by its name. The config is the same as the lab config. USEMAIL=1 is present.
|
Using my own SMS gateway Written by Guest on 2010-07-30 22:04:52 How can I use my own SMS gateway instead of the clickatell SMS gateway? Can you place a sample configuration file on the forum?
|
R2 x64: yes or no Written by Guest on 2010-08-24 08:31:39 Hi, does this work on R2 x64 as well?!? It seems the registration of the OCX and DLLs does not work... :-( Thanks for help.
|