Security

Scripted SecurID/Radius authentication (next token/New PIN/locked token)

tawollen
Path Finder

We are setting Splunk up to use Radius with SecurID (2 factor). We have this working, but ran into an issue when a SecurID token is not in a "normal" mode.

SecurID has what is called new pin mode where a Radius/SecurID site will prompt the user to create a new PIN for their SecurID card as well as a "Next token" mode where the site being authenticated to will prompt the user after they enter the number on their SecurID card when it changes in order to re-sync the token and the SecurID server. Also (I haven't been able to test this) SecurID users tokens could be locked and require a reset.

We are hoping that there is a way to prompt the user for New PIN, next token and inform them their token is locked via the Splunk login page. I know that the existing Radius authentication script does not support this, but even if we were able to re-write the script I am wondering if Splunk can be customized in a way to provide the ability to deal with those 3 scenarios (New PIN/Next Token/Token Locked).

0 Karma

gkanapathy
Splunk Employee
Splunk Employee

There is really no facility to do this in Splunk. If the user can't log into Splunk, they may be required to go to some other url/application to update their PIN.

Get Updates on the Splunk Community!

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...

Alerting Best Practices: How to Create Good Detectors

At their best, detectors and the alerts they trigger notify teams when applications aren’t performing as ...

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Hey Splunky people! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2408. In this ...