Security

Scripted SecurID/Radius authentication (next token/New PIN/locked token)

tawollen
Path Finder

We are setting Splunk up to use Radius with SecurID (2 factor). We have this working, but ran into an issue when a SecurID token is not in a "normal" mode.

SecurID has what is called new pin mode where a Radius/SecurID site will prompt the user to create a new PIN for their SecurID card as well as a "Next token" mode where the site being authenticated to will prompt the user after they enter the number on their SecurID card when it changes in order to re-sync the token and the SecurID server. Also (I haven't been able to test this) SecurID users tokens could be locked and require a reset.

We are hoping that there is a way to prompt the user for New PIN, next token and inform them their token is locked via the Splunk login page. I know that the existing Radius authentication script does not support this, but even if we were able to re-write the script I am wondering if Splunk can be customized in a way to provide the ability to deal with those 3 scenarios (New PIN/Next Token/Token Locked).

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

There is really no facility to do this in Splunk. If the user can't log into Splunk, they may be required to go to some other url/application to update their PIN.

Get Updates on the Splunk Community!

How to Monitor Google Kubernetes Engine (GKE)

We’ve looked at how to integrate Kubernetes environments with Splunk Observability Cloud, but what about ...

Index This | How can you make 45 using only 4?

October 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Splunk Education Goes to Washington | Splunk GovSummit 2024

If you’re in the Washington, D.C. area, this is your opportunity to take your career and Splunk skills to the ...