Solved

RSA SecurID, Cisco ASA, Lotus Domino 8.5.2 Integration

Posted on 2010-09-18
Last Modified: 2013-11-16
Hi, is there any way to join all of these together?
In my scenario I would like to create a system where a user logs in to the SSL web portal using an RSA SecurID one-time password and opens the webmail site without entering the static Lotus Notes password.
Is it possible?
Question by:pawnaz

Expert Comment

by:koudry
ID: 33712635
I am not clear about this question, so it may help if further information can be provided.

Using a secured token for a one-time password, a remote user can connect to his / her mailbox. But they need to provide their corporate network password in order to log in.

Could you please rephrase your question?

Thanks.

Koudry

Author Comment

by:pawnaz
ID: 33712807
Using an OTP token, a remote user can establish a connection to the VPN portal (clientless WebVPN) only.
After that, the user must use another login/password pair to use webmail or another web application during the VPN session.
The goal is to use only the one-time password to access the VPN portal and then the web application, Lotus Domino mail or an IIS intranet web page.

Expert Comment

by:koudry
ID: 33714800
I am not an expert on VPN but I have had some exposure to it. The way it works is that you have various levels of authentication. The first level of authentication is using the one-time password with other details, such as the VPN host IP address, to get to the corporate network. Once there, you need another level of authentication: your employee user ID (if that has not been requested during the first level) and your corporate network password. This is the scenario you described in the first paragraph above.
It may be possible to use just the one-time password. I have never seen it done that way but it may be possible. What you have to remember is that you do not want to compromise security, which is why you have different levels of security. Also, passwords have to be made to age within 30 days etc.
There may be a VPN expert in the house to post a comment.
Good luck.
Koudry

Accepted Solution

by:shortleg
ID: 34406053
If I understand it properly, what you are trying to achieve is SSO between the ASA SSL VPN and Domino after strong authentication based on RSA SecurID.
From what I know, the way the ASA would do this is not real SSO (sharing of a signed cookie/LTPA token); instead, it would pass the same credentials used for authenticating to the SSL VPN to the Domino web server.
Now this will fail for two reasons:
1) since your user authenticated via SecurID, the password is not valid anymore (it is a one-time password),
2) Domino would have no way of verifying the SecurID passcode,
so there is no way to do it AFAIK.
An alternative is to look for an RSA SecurID agent that you can deploy on Domino itself.
In this scenario you would get RSA SecurID strong authentication and one-shot access to Domino, which is what you were trying to achieve (I believe). Domino can use an LTPA token that can be used for SSO, so the user can roam to other servers.
After Googling, there seem to be two agents that do this:
1) Amiura SignOn Agent
2) Winchester Business Systems AtSignOn
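
The two failure reasons given in the accepted answer can be reproduced in a small simulation. This is an added example, not part of the original thread: it uses RFC 6238 TOTP as a stand-in for the proprietary SecurID algorithm, and the class names, seed and passwords are constructed for illustration.

```python
import hashlib, hmac, os, struct
STEP = 60  # seconds per passcode; constructed value for this sketch

def totp(seed: bytes, now: int, step: int = STEP, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1), used here in place of the SecurID algorithm."""
    mac = hmac.new(seed, struct.pack(">Q", now // step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

class OtpServer:
    """Hypothetical OTP validation server: one accepted passcode per time step."""
    def __init__(self, seeds):
        self.seeds, self.last_step = seeds, {}

    def verify(self, user, passcode, now):
        seed, current = self.seeds.get(user), now // STEP
        if seed is None or self.last_step.get(user, -1) >= current:
            return False  # unknown user, or this step's passcode was already used
        if not hmac.compare_digest(totp(seed, now).encode(), passcode.encode()):
            return False
        self.last_step[user] = current  # consume the passcode
        return True

class StaticPasswordApp:
    """Hypothetical web application that only knows a static password per user."""
    def __init__(self, passwords):
        self.salt = os.urandom(16)
        self.hashes = {u: self._kdf(p) for u, p in passwords.items()}

    def _kdf(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 100_000)

    def verify(self, user, password, now=None):
        return hmac.compare_digest(self.hashes.get(user, b""), self._kdf(password))

def portal_then_forward(otp_server, app_verify, user, passcode, now):
    """Log in to the portal, then forward the same credentials to the application."""
    portal_ok = otp_server.verify(user, passcode, now)
    return portal_ok, portal_ok and app_verify(user, passcode, now)

def demo():
    seeds, now = {"alice": b"constructed-seed"}, 1_700_000_000
    code = totp(seeds["alice"], now)
    app = StaticPasswordApp({"alice": "constructed-static-password"})
    case_static = portal_then_forward(OtpServer(seeds), app.verify, "alice", code, now)
    shared = OtpServer(seeds)  # application delegates to the same OTP server
    case_agent = portal_then_forward(shared, shared.verify, "alice", code, now)
    return case_static, case_agent  # both: portal accepts, forwarded login fails
```

`demo()` returns the portal and application results for both cases: an application that only knows a static password cannot check the passcode, and an application that delegates to the same OTP server sees the forwarded passcode as a replay.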

Expert Comment

by:Qlemo
ID: 34626829
This question has been classified as abandoned and is being closed as part of the Cleanup Program.  See my comment at the end of the question for more details.