token2 / totpradius
TOTPRadius 2FA Radius appliance
Trying to integrate TOTPRadius with WatchGuard Firewall fails for me. From the TOTPRadius logs' point of view everything seems fine (user successfully authenticated), but in total authentication fails. WatchGuard Firewall logs state "was rejected, user isn't in the right group". But I'm pretty sure the user is in the right group, as when I switch TOTPRadius for another solution this works fine. Any idea?
Edit the file /etc/dhcp/dhclient.conf and set the timeout to a reasonable value, like:
timeout 15
Currently only allowed in API, allow in web interface as well
Allow LDAP login to the web admin panel.
Specify users by list of usernames or AD groups
This is due to the hardcoded jQuery library name; to be solved by adding a separate jquery.min file
Netscaler 12 has a "hardcoded" order of authentication sources in the XenApp configuration wizard: OTP first and AD second. There is no way to change it.
So when users log in, they have to put the OTP in the first password field and the AD password in the second field.
The problem here is that the Netscaler does not allow an empty Password value, so users without 2FA active will have to put "something" there, which makes the overall user experience cumbersome.
Allow SSO with Azure AD (Office365) for VPN connection
Current OS (CentOS 5.7) is EOS and does not support Hyper-V, thus time drifts
Reported by 5446
Reported by t2
In some systems the appliance is allowed to register in DNS, which makes it complicated if multiple appliances are used (i.e. in slave/master mode). A hostname setting is to be added to the admin GUI
Validate certificate (with Root CA pem)
LDAP_OPT_X_TLS_CACERTFILE
Advanced config button fix
Radius-Secret: should also be generated randomly
Enhance the appliance with a Web AUTH API, so that in addition to being a Radius appliance, the server will provide a REST API for verifying OTPs via HTTP/HTTPS
Include FIDO2 registration data in the backup and restore script (fido2/.users, fido2/.sessions)
Logging/Audit features (who did an authentication from where) -> this data is already in the radius log, only the GUI is missing
Assign hardware token to user in LDAP Self-service interface
Request to introduce restrictions based on AD group
When adding a token without setting time drift, an error is shown. Make the drift field 0 by default
Implement adding extra attribute
Add editing feature of the extra attribute
Include in the backup/restore script (location /etc/freeradius/3.0/extra)
If Local Password mode is enabled, empty password or "ldap" as a password will attempt LDAP authentication
Doesn't make sense that I see all users (users_list.php) without having to log in.
A test page to see if OTP is correct for a particular seed
Citrix Storefront - Show the number of MFA-less logins left on the Web Interface
disable by removing the setuid bit, i.e. running
chmod 0755 /usr/bin/pkexec
Currently the minimum is 4 chars. To be changed to 1 char
Citrix Netscaler + Storefront. Allow second factor via
How can I reset users' logons? If I want to re-issue a new token to a user through Storefront?
Currently done by removing the user, but this deletes all logs
Allow new web interface to be uploaded as a zip package (something like firmware upgrade) via admin panel.
Implement user export+import to allow migrating data between versions
ldapsearch -x -h adserver.domain.int -D "[email protected]" -W
ldapsearch -x -h addc01 -D "[email protected]" -W AD-Password
Add timezone modification on the Admin settings
Adding a possibility to use FIDO security keys instead of TOTP authentication
Implement allowing single factor login to work both with OTP-only and with LDAP-only login
Fails with "username too short"
Reported by 5346
Leverage Resource Owner Password Credentials API of Azure AD to implement primary authentication against Azure AD (as a replacement of LDAP onPrem)
Show if the license limit has been reached and do not allow new user creation
Put a note to specify the format if more than one LDAP server is used.
As multiple servers can have different protocols, the default protocol (ldap) is only assumed when a single server is used to connect.
For 2 or more servers the simple format (just the hostname) will not work and the full URI must be specified.
For example, for MS AD the value should look like:
ldap://192.168.200.208 ldap://192.168.200.209
So, still space separated, but with the protocol (ldap://) specified.
Redesign Export&Import feature to include an all-in-one file that includes:
MySQL-Username/Password should also be changeable.
Allow time drift sync