Solved

ADFS 3.0 and CAPTHA

Posted on 2015-02-03
10
405 Views
Last Modified: 2015-03-02
Hello,
Has anyone implemented ADFS with CAPTCHA to
I am looking at http://www.manageengine.com/products/self-service-password/
Thanks for any advice/experience/information.
0
Comment
Question by:IT-NYC
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 40

Assisted Solution

by:footech
footech earned 100 total points
ID: 40587245
How does ADFS with CAPTCHA relate to ManageEngine SelfService Plus?
I'm afraid I can't even tell what you're asking.

SelfService Plus runs on a Tomcat server that is included in the product, not IIS.  The CAPTCHA option is just a check box in the settings.
0
 

Author Comment

by:IT-NYC
ID: 40588911
I am looking to implement CAPTCHA as an additional layer of protection for ADFS 3.0. If it is possible to use it within ADFS, third-party tool is preferred, great. I mentioned this particular program because it is AD-aware, so my understanding that it will work well with ADFS, even if it is not designed specifically for ADFS.
0
 
LVL 40

Assisted Solution

by:footech
footech earned 100 total points
ID: 40589454
Maybe you want to add a CAPTCHA to the forms-based login page of ADFS?

Can't advise you on that, but it'd probably be a better question for the IIS topic area, or ASP.

Good luck.
0
Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

 

Author Comment

by:IT-NYC
ID: 40589506
Thanks!
0
 
LVL 37

Assisted Solution

by:Mahesh
Mahesh earned 50 total points
ID: 40622913
I have worked with ADFS 2.0 \ 3.0, however never integrated any products to add CAPTCHA in ADFS form based logins

If 3rd party product can be integrated, probably they can provide you the procedure \ code to modify ADFS implementation

Note that ADFS 3.0 do not contains IIS, its removed from ADFS 3.0
0
 
LVL 63

Expert Comment

by:btan
ID: 40623020
there is an example to add the ReCaptcha plugin into the AD FS Proxy Web Authentication Form, though it is not a specific to manageengine services http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2012/02/06/two-factor-authentication-with-adfs-the-recaptcha-customization.aspx
0
 

Author Comment

by:IT-NYC
ID: 40629048
The goal is to make ADFS more secure. For that reason, we are looking at ManageEngine (and a few other options), even though they are not integrated with ADFS, per say, but have a very decent set of security features.
With removal of IIS in ADFS 3.0, how does one go about reporting of, let's say, failed attempts, locked accounts?
Any advice on securing ADFS is appreciated.
Thanks!
0
 
LVL 63

Accepted Solution

by:
btan earned 350 total points
ID: 40629698
Multi-factor Authentication (supported by AD FS) is worth considering as in all attack (besides s/w vulnerability), identity theft is common and single factor stand far too weak to deter determined attack to get into the key asset such as AD FS. Web proxy (with Web app Firewall capable) fronting the AD FS is anothe strategy to prevent direct public facing internet accessible entry. Block web attacks and attempts to tunnel in thru those potential vulnerability due to misconfiguration.

You probably also have used Security Configuration Wizard (SCW) to reduce the attack surface for a server, based on the server roles required only. Token is a key entity to be secure so ensure token replay detection is enabled (by default it is) and also enforce token encryption with use of certificate for your relying parties trust (though it will then call for some PKI implementation), this is to mitigate and prevent against potential man-in-the-middle (MITM) attacks. Consider event logging and trace logging and have them protected by access control lists (ACL) so as to limit access to only those trusted administrators.

another form of auth - https://www.duosecurity.com/docs/adfs-30
More info - https://technet.microsoft.com/en-us/library/ff630160.aspx
0
 

Author Comment

by:IT-NYC
ID: 40631728
Thanks, I will review and get back to you.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
ADFS Setup 4 41
Event ID 29 KDC Win 2008 R2 DC 6 17
Time sync on Domain 5 37
Multiple Errors from DCDIAG 2 21
How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
Did you know that more than 4 billion data records have been recorded as lost or stolen since 2013? It was a staggering number brought to our attention during last week’s ManageEngine webinar, where attendees received a comprehensive look at the ma…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question