Re: YubiRADIUS with Forefront TMG

2012-04-11T11:06:42+01:00

Hi,

We believe it is possible to configurable the MS FUAG to not require double authentications but we would encourage you to contact Yubico at support@yubico.com so that we together can test out any options and once we have a working configuration we can post the result back to the forum.

Thanks!
Samir.

Statistics: Posted by samir — Wed Apr 11, 2012 11:06 am

YubiRADIUS with Forefront TMG

2012-04-06T11:53:46+01:00

Hi, does anyone have any experience setting up Forefront TMG to use YubiRADIUS. (I have YubiRADIUS setup as an Active Directory client)

I can setup TMG to use 'Radius OTP' on it's listener, so the form page appears asking for username, passcode (ie: Password+OTP) and internal password, however this requires the user to enter their password twice (Once so that the YubiRADIUS can perform the 2FA, and then again so the internal service can be delegated the credentials required).

From my reading on the internet, it appears I need to get the YubiRADIUS to send 'access-challenge' to TMG to get it so that the user can first enter their normal username/password and then when it received 'access-challenge', TMG asks the user for their OTP, keeping their password and otp separate and therefore allowing delegation to occurr after TMG has completed the 2FA with YubiRADIUS.

I hope this makes sense! If not please correct me as this is all a bit new to me and i'm keen to learn.

Statistics: Posted by chris5287 — Fri Apr 06, 2012 11:53 am

Yubico Forum

Re: YubiRADIUS with Forefront TMG

YubiRADIUS with Forefront TMG