Rate this Content

0 Rates
0 %

How to disable password only authentication on the SA Server/IDConfirm 1000 IAS agent

Applies to

IAS agents for SA Server/IDConfirm 1000, all versions


When IAS agent receives an AAA request for an OTP authentication, the agent will ask SA Server/IDConfirm 1000 to authenticate the username/password/OTP. If the authentication fails the IAS agent, as a proxy RADIUS, forwards the authentication request to the next authentication dll (direct authentication to Active directory). With AD, a username+password is enough, and so AD will authenticate positively the request.

In order to deny authentication when submitting a wrong OTP, we can turn off the proxy radius, by changing a specific registry key:

HKLM\Software\Gemalto\SA Server\IAS Agent

Set the rejectOnError key to 1 (0 is the default)

Reboot the server to apply the change.

No comments
Add comment

* - required field


CAPTCHA image for SPAM prevention If you can't read the word, click here.


Latest updated pages