Security

Scripted SecurID/Radius authentication (next token/New PIN/locked token)

tawollen
Path Finder

We are setting Splunk up to use Radius with SecurID (2 factor). We have this working, but ran into an issue when a SecurID token is not in a "normal" mode.

SecurID has what is called new pin mode where a Radius/SecurID site will prompt the user to create a new PIN for their SecurID card as well as a "Next token" mode where the site being authenticated to will prompt the user after they enter the number on their SecurID card when it changes in order to re-sync the token and the SecurID server. Also (I haven't been able to test this) SecurID users tokens could be locked and require a reset.

We are hoping that there is a way to prompt the user for New PIN, next token and inform them their token is locked via the Splunk login page. I know that the existing Radius authentication script does not support this, but even if we were able to re-write the script I am wondering if Splunk can be customized in a way to provide the ability to deal with those 3 scenarios (New PIN/Next Token/Token Locked).

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

There is really no facility to do this in Splunk. If the user can't log into Splunk, they may be required to go to some other url/application to update their PIN.

Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...