Advanced Authentication (AAf): Radius Client Method

Make it possible to turn username management off for the radius client method.

--> Via the enrollment portal the user has the ability to change the username that is sent to the Radius server.
If somebody (accidentally) changes his username on the Radius Client enrollment, authentication will fail.
If somebody can access the enrollment page of a victim, he can save a username were he has a valid token from and be able to strongly authenticate as the victim.

--> Via the Helpdesk portal, helpdesk people can change the username that is sent to the Radius server.
This can be a security concern because a helpdesk person can save his username on the enrollment of a victim and then authenticate as this victim by using his own token.

by: Bart A. | over a year ago | Configuration

Micro Focus Enhancement Requests Portal is moving. We are migrating the IDEAS from this site to the New Idea Exchange on May 6th. For more information on the new Idea Exchange please visit the Community FAQs.

3

Radius Client Method - Disable Username Management

Comments