Current status:
When the RADIUS method is configured with a RADIUS client, a user is auto-enrolled in the RADIUS method no matter if they have an account in the downstream RADIUS server or not. Presumably this is due to AAF not being able to determine if the user actually has an account in the RADIUS server or not -- which makes sense.
In the case the user does not have a RADIUS account in actuality but is enrolled in the RADIUS client in the authenticator management portal, this could lead to confusion.
Proposed idea:
Allow the administrators to disable the auto enrollment of the RADIUS method. Users would then have to "enroll" in the RADIUS client manually in the authenticator management portal. The manual enrollment process of the RADIUS client could involve the user providing one or more valid OTPs for their account (just like today, the RADIUS account of the user would be assumed to be the user's account name unless defined otherwise by the user). The logic being, a successful authentication to the RADIUS server verifies the user's account exists and that they are in possession of the RADIUS challenge answer.
by: Tim S. | over a year ago | Configuration
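The verified enrollment flow proposed above, as an added example that is not part of this post or of the product's own code: it contrasts today's unverified auto-enrollment with an enrollment that is only recorded after one successful RADIUS PAP authentication (RFC 2865 User-Password hiding) with a valid OTP, defaulting the RADIUS account to the user name. The RADIUS server, its account table, the OTP values and the shared secret are all constructed stand-ins.

```python
import hashlib
import secrets

# Constructed sample data: the RADIUS server knows only "alice" and the OTPs
# currently valid for her account; the shared secret is a placeholder.
RADIUS_ACCOUNTS = {"alice": {"123456", "654321"}}
SHARED_SECRET = b"example-shared-secret"

def hide_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 section 5.2 User-Password hiding: pad to 16-byte blocks and
    XOR each block with MD5(secret + previous block), seeded with the
    16-byte Request Authenticator."""
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out

def reveal_password(hidden: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Server-side inverse of hide_password; strips the zero padding."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], key))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def radius_server(user_name: str, hidden_pw: bytes, authenticator: bytes) -> str:
    """Simulated RADIUS server: Access-Accept only for a known account
    presenting a currently valid OTP as its User-Password."""
    otp = reveal_password(hidden_pw, SHARED_SECRET, authenticator).decode()
    return "Access-Accept" if otp in RADIUS_ACCOUNTS.get(user_name, set()) else "Access-Reject"

def enroll_radius_method(user: str, otp: str = "", radius_account: str = "",
                         auto_enroll: bool = False):
    """Enroll `user` in the RADIUS method. With auto_enroll the record is
    created unverified (today's behaviour); otherwise the user must prove the
    account exists by passing one RADIUS authentication with a valid OTP."""
    account = radius_account or user        # default: RADIUS account = user name
    if auto_enroll:
        return {"user": user, "radius_account": account, "verified": False}
    authenticator = secrets.token_bytes(16)  # fresh per-request Request Authenticator
    hidden = hide_password(otp.encode(), SHARED_SECRET, authenticator)
    if radius_server(account, hidden, authenticator) != "Access-Accept":
        return None                          # no such account or bad OTP: not enrolled
    return {"user": user, "radius_account": account, "verified": True}
```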
Comments
Tim,
We will look into this. It seems reasonable that we would provide a way to prevent the auto login.
Troy
oops - auto enrollment that is
Octane # 14141 planned for AA 6.3