Forum Discussion

Frank_Zoechling's avatar
Frank_Zoechling
Icon for Nimbostratus rankNimbostratus
Aug 21, 2015
Solved

APM / VMware View 6 / Radius and Active Directory Auth

Hi,

 

i'm using APM and the VMware View iAPP to provide Access to VMware View Connection Brokers. I have extended the Access Profile with Radius Authentication for 2-Factor Auth. But there is a Little Problem: If i try to Login with the View Fat Client, it asks me to enter my radius credentials (fine so far). If i enter the correct credentials the Client asks for the AD credentials, but between Radius and AD credentials, the Client is showing a Access denied error. It seems that APM passes the Radius credentials to the active Directory Login page:

 

 

Here is the Access profile:

 

 

i also tried to clear session username and Password after radius authentication, but with no success. Login will success if i enter AD credentials, but the Access denied error message before entering the the AD credentials still apears. Could somebody help me with that?

 

Kind regards, Frank

 

APM
cloud
deployment
devops
iApps
security
vmware
  • coquin_150361's avatar
    coquin_150361
    Sep 09, 2015

    Hi Franck, I have solved my problem. I have deleted the AD View Logon page and AD authentication boxes in the VPE. That works fine and the AD authentication is made by the Connexion Server. That differs with the previous 11.4.1 HF2. Regards. Patrice

     

19 Replies

Sort By
Show More
  • Frank_Zoechling's avatar
    Frank_Zoechling
    Icon for Nimbostratus rankNimbostratus
    Aug 28, 2015

    Radius Secret contains 21 alphanumeric characters without special characters. AD binding is anonymous.

     

  • Justin_Venezia_'s avatar
    Justin_Venezia_
    Icon for Cirrus rankCirrus
    Aug 28, 2015

    I don't think your issue is related to configuration. I ran through our standard RADIUS/OTP configuration in the lab, and it's pretty straight forward. Do you happen to have a support case open, so we can take a deeper look at the issue. The errors I see in the screen shots/logs you included could point to a couple of different things.

     

  • coquin_150361's avatar
    coquin_150361
    Icon for Altostratus rankAltostratus
    Sep 04, 2015

    Hi Franck Just to say I have the same issue. All worked fine on 11.4 HF2 and the issue appeared since I have upgraded to 11.6 HF5 It seems that the Radius credentials are automatically rerun at the AD authentication step. Have you received some help from the Support ? I will also open one from my side and keep you posted. Regards, Patrice

     

  • Frank_Zoechling's avatar
    Frank_Zoechling
    Icon for Nimbostratus rankNimbostratus
    Sep 04, 2015

    Hi Patrice,

     

    "It seems that the Radius credentials are automatically rerun at the AD authentication step" Yes, i think thats the Problem, i have tried to clear session.last.password and session.last.username but with also no luck, currently i'm waiting of F5 Support Response.

     

    regards, Frank

     

  • coquin_150361's avatar
    coquin_150361
    Icon for Altostratus rankAltostratus
    Sep 09, 2015

    Hi Franck, I have solved my problem. I have deleted the AD View Logon page and AD authentication boxes in the VPE. That works fine and the AD authentication is made by the Connexion Server. That differs with the previous 11.4.1 HF2. Regards. Patrice

     

  • Frank_Zoechling's avatar
    Frank_Zoechling
    Icon for Nimbostratus rankNimbostratus
    Sep 10, 2015

    Hi, just for Information, answer from F5 support:

     

    The issue you are affected by is ID526275 VMware View RSA/RADIUS two factor auth fails. The fix will be introduced in the next HF rollup, I have been informed there is an engHF available. Let me if you are ok to wait for HF6 for 11.6.0 or want an engHF on top of HF5, as far as I know HF6 should be released at the end of September.

     

    regards, Frank