Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

ADFS 3.0 and CAPTHA

Posted on 2015-02-03
10
Medium Priority
?
613 Views
Last Modified: 2015-03-02
Hello,
Has anyone implemented ADFS with CAPTCHA to
I am looking at http://www.manageengine.com/products/self-service-password/
Thanks for any advice/experience/information.
0
Comment
Question by:IT-NYC
  • 4
  • 2
  • 2
  • +1
10 Comments
 
LVL 41

Assisted Solution

by:footech
footech earned 400 total points
ID: 40587245
How does ADFS with CAPTCHA relate to ManageEngine SelfService Plus?
I'm afraid I can't even tell what you're asking.

SelfService Plus runs on a Tomcat server that is included in the product, not IIS.  The CAPTCHA option is just a check box in the settings.
0
 

Author Comment

by:IT-NYC
ID: 40588911
I am looking to implement CAPTCHA as an additional layer of protection for ADFS 3.0. If it is possible to use it within ADFS, third-party tool is preferred, great. I mentioned this particular program because it is AD-aware, so my understanding that it will work well with ADFS, even if it is not designed specifically for ADFS.
0
 
LVL 41

Assisted Solution

by:footech
footech earned 400 total points
ID: 40589454
Maybe you want to add a CAPTCHA to the forms-based login page of ADFS?

Can't advise you on that, but it'd probably be a better question for the IIS topic area, or ASP.

Good luck.
0
Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

 

Author Comment

by:IT-NYC
ID: 40589506
Thanks!
0
 
LVL 38

Assisted Solution

by:Mahesh
Mahesh earned 200 total points
ID: 40622913
I have worked with ADFS 2.0 \ 3.0, however never integrated any products to add CAPTCHA in ADFS form based logins

If 3rd party product can be integrated, probably they can provide you the procedure \ code to modify ADFS implementation

Note that ADFS 3.0 do not contains IIS, its removed from ADFS 3.0
0
 
LVL 65

Expert Comment

by:btan
ID: 40623020
there is an example to add the ReCaptcha plugin into the AD FS Proxy Web Authentication Form, though it is not a specific to manageengine services http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2012/02/06/two-factor-authentication-with-adfs-the-recaptcha-customization.aspx
0
 

Author Comment

by:IT-NYC
ID: 40629048
The goal is to make ADFS more secure. For that reason, we are looking at ManageEngine (and a few other options), even though they are not integrated with ADFS, per say, but have a very decent set of security features.
With removal of IIS in ADFS 3.0, how does one go about reporting of, let's say, failed attempts, locked accounts?
Any advice on securing ADFS is appreciated.
Thanks!
0
 
LVL 65

Accepted Solution

by:
btan earned 1400 total points
ID: 40629698
Multi-factor Authentication (supported by AD FS) is worth considering as in all attack (besides s/w vulnerability), identity theft is common and single factor stand far too weak to deter determined attack to get into the key asset such as AD FS. Web proxy (with Web app Firewall capable) fronting the AD FS is anothe strategy to prevent direct public facing internet accessible entry. Block web attacks and attempts to tunnel in thru those potential vulnerability due to misconfiguration.

You probably also have used Security Configuration Wizard (SCW) to reduce the attack surface for a server, based on the server roles required only. Token is a key entity to be secure so ensure token replay detection is enabled (by default it is) and also enforce token encryption with use of certificate for your relying parties trust (though it will then call for some PKI implementation), this is to mitigate and prevent against potential man-in-the-middle (MITM) attacks. Consider event logging and trace logging and have them protected by access control lists (ACL) so as to limit access to only those trusted administrators.

another form of auth - https://www.duosecurity.com/docs/adfs-30
More info - https://technet.microsoft.com/en-us/library/ff630160.aspx
0
 

Author Comment

by:IT-NYC
ID: 40631728
Thanks, I will review and get back to you.
0

Featured Post

Ready for your healthcare security check-up?

In the past few years, healthcare organizations have become a prime target for advanced attacks. Does your organization have what it needs to defend itself? Schedule your healthcare security check-up today and download our free Healthcare Security Resource Kit today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
In the absence of a fully-fledged GPO Management product like AGPM, the script in this article will provide you with a simple way to watch the domain (or a select OU) for GPOs changes and automatically take backups when policies are added, removed o…
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

926 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question