I have enabled OTP on only one user (User Portal only) and work great.
However Client Authetication agent stops working saying "invalid credential". Disabling the OTP makes the Client Authetication agent work again.
Thanks
I have enabled OTP on only one user (User Portal only) and work great.
However Client Authetication agent stops working saying "invalid credential". Disabling the OTP makes the Client Authetication agent work again.
Thanks
Hi Luk,
I will test it and update soon.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Hi Sachin,
Replicated on GA v16, once OTP is enabled I cannot use the client authentication at all, with or without a code. Even after disabling OTP I had some residual effects for up to a minute where my credentials were still not valid to Webmin login and the client auth would hang.
Emile
When I opened this thread, after enabling the OTP, my CAA stopped to work. This time, CAA continue to work until I closed it (reboot the computer, etc...).
I thought the but was fixed...instead something has been improved but not fixed yet. [:(]
Hi all,
Resolved the issue for myself, you have to enable OTP by clicking the Settings button on the OTP tab and flicking the switch for One-Time Password:
After doing that my Client Auth Agent works perfectly fine again :)
Note: You will have to uncheck save your password as it will include the OTP creds which will be invalid after 30 seconds/use.
Edit extra: Also noticed is if you disable your token but don't disable the OTP switch, your OTP requirement will still be enforced but your OTP codes will not be valid. AlanT, something to note? Shouldn't switching off your token disable it for your user or do you have to switch off enforcement for all users/just that user and just disabling the token only removes that token as usable for the user?
Emile
Emile this is a workaround and not the solution. CAA does not work if it is set to save password.
Even if it is not safe to save password, customers want to remember the least password possible and entering the password at each login is annoying. This is still a bug, in fact Sachin or Prateek did not answer yet as fixed.
Thanks for your help!
Hi Luk,
I understand your point but saving passwords should not be part of a security scope where One Time Passwords would be enforced.
CAA will not work by saving passwords with the first time use of the OTP, that's not a bug, that's saved password functionality. This is not a workaround.
Emile
Hi Luk,
I understand your point but saving passwords should not be part of a security scope where One Time Passwords would be enforced.
CAA will not work by saving passwords with the first time use of the OTP, that's not a bug, that's saved password functionality. This is not a workaround.
Emile
OTP should be available for different authentication mechanisms. It does not make sense that enabling user portal, it affects even CAA. So let us decide on which authentication process the OTP must be applied.
OTP is something that is needed externally and recommended internally.
Hi Luk,
As of now access server validates OTP password for User Portal, Captive Portal and CAA when OTP is enabled for the "User Portal" facilities.
I agree that we should be having separate Option to enable this facility. Taken in consideration under NC-10494.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Thank you Sachin. The option must be separated...also it does not make sense that even Captive Portal won't work...
Please add a warning inside the XG (in the actual version until you fixed it) where the Admin enable the User Portal...OTP will be enabled even for .....Customers do not know if they do not contact the Sophos support or expert Partner. Mine is an advice.
Thanks
Hi Luk,
No ETA yet.
Thanks
Sachin Gurung
Team Lead | Sophos Technical Support
Knowledge Base | @SophosSupport | Video tutorials
Remember to like a post. If a post (on a question thread) solves your question use the 'This helped me' link.
Sachin,
at the moment OTP is useless.
It's been two years, and sophos has not solved the problem yet?