Posts: 10,680
Threads: 91
Joined: Aug 2006
Reputation:
181
Hi Sylvain,
hope you had a great vacation :-)
I'm sorry for the not working RADIUS auth - currently we do not have a working RADIUS server - so we implemented just the functionality given by the API from Secret Server.
Can you tell me how it is working if you use the web service directly? In my understanding you connect/configure the RADIUS auth to your Secret Server installation - then you have to get a password/token on RADIUS and that password/token is sent to SecretServer to authenticate (additionally to username/pwd/domain/...) - is this correct? What kind of error do you get?
You can also send me your answer by mail (asgrd@asg.com) if you like more than the forum - if possible I would try to implement again in my TestApp and let you try this before you have to wait for the next Patch - would really like to ensure this is working asap...
Regards/Gruss
Oliver
Posts: 5
Threads: 0
Joined: Jul 2019
Reputation:
0
Not to reopen a dead thread but we are trying to implement a service account and leverage mfa on that account to reach into secret server. I am not quite sure how/what i should be creating for the radius token. any insight would be appreciated
Posts: 678
Threads: 34
Joined: Aug 2006
Reputation:
17
Hi, unfortunately through vacation for the next 2 weeks we are a bit short on ressources and I'm not so deep into secret server to give you a speedy answer. I'll try to activate my test system - hopefully I can find something that helps. Otherwise I have to ask for some patience.
Best regards,
Michael
best regards,
Michael -- michael.scholz@asg.com --
Posts: 5
Threads: 0
Joined: Jul 2019
Reputation:
0
no problem. thank you sir. I appreciate any assistance you are able to provide!
Posts: 10,680
Threads: 91
Joined: Aug 2006
Reputation:
181
If you want to setup Thycotic with Radius token you should try that first stand alone with Thycotic Secret Server - please ask Thycotic for Support or documentation on how to setup - if you have a running system and have problems how to implement in ASGRD we will try to help...
And we do not use the SDK - but the API of Thycotic - but that's only a technical detail :-)
Regards/Gruss
Oliver
Posts: 5
Threads: 0
Joined: Jul 2019
Reputation:
0
i have it setup with radius already -- thats not the problem. I was curious if there was some sort of api key i could use inside of asg to keep it more secure than just using a passcode to broker the connect between asg and secret server
Posts: 10,680
Threads: 91
Joined: Aug 2006
Reputation:
181
Can you give me some details on how it is working outside ASGRD? As I wrote some posts before - we don't have a RADIUS implementation in our test environment.
When and how is the RADIUS token generated and when/how must it be entered to login into Secret Server? We just tried to use the API as it is documented without testing it :-(
Regards/Gruss
Oliver
Posts: 5
Threads: 0
Joined: Jul 2019
Reputation:
0
secret server has a pretty basic implementation for radius. i essentially configure the account to leverage radius logon (we are also using windows integrated auth) -- then in SS there's a radius server we point at (We use RSA)
when i hit the SS front end windows integrated auth logs me in, then i am prompted for radius credentials. if i enter my token i get authenticated and im in.
the setting i am wondering about is the radius token field of the creds under password source inside the asg tool
Posts: 10,680
Threads: 91
Joined: Aug 2006
Reputation:
181
Ok - we will change this - the RADIUS token is the MFA one time password like other MFA authenticators - so we will prompt the user to enter the RADIUS token even if login is executed…
The problem I see is that the AuthenticateMethod in the API does only allow to give the RADIUS-Token if also username, domain and password is set - I have to clarify how it is handled when using Integrated Auth and RADIUS...
Regards/Gruss
Oliver
