ADFS 3.0 and CAPTHA

Hello,
Has anyone implemented ADFS with CAPTCHA to
I am looking at http://www.manageengine.com/products/self-service-password/
Thanks for any advice/experience/information.
IT-NYCAsked:
Who is Participating?
 
btanExec ConsultantCommented:
Multi-factor Authentication (supported by AD FS) is worth considering as in all attack (besides s/w vulnerability), identity theft is common and single factor stand far too weak to deter determined attack to get into the key asset such as AD FS. Web proxy (with Web app Firewall capable) fronting the AD FS is anothe strategy to prevent direct public facing internet accessible entry. Block web attacks and attempts to tunnel in thru those potential vulnerability due to misconfiguration.

You probably also have used Security Configuration Wizard (SCW) to reduce the attack surface for a server, based on the server roles required only. Token is a key entity to be secure so ensure token replay detection is enabled (by default it is) and also enforce token encryption with use of certificate for your relying parties trust (though it will then call for some PKI implementation), this is to mitigate and prevent against potential man-in-the-middle (MITM) attacks. Consider event logging and trace logging and have them protected by access control lists (ACL) so as to limit access to only those trusted administrators.

another form of auth - https://www.duosecurity.com/docs/adfs-30
More info - https://technet.microsoft.com/en-us/library/ff630160.aspx
0
 
footechCommented:
How does ADFS with CAPTCHA relate to ManageEngine SelfService Plus?
I'm afraid I can't even tell what you're asking.

SelfService Plus runs on a Tomcat server that is included in the product, not IIS.  The CAPTCHA option is just a check box in the settings.
0
 
IT-NYCAuthor Commented:
I am looking to implement CAPTCHA as an additional layer of protection for ADFS 3.0. If it is possible to use it within ADFS, third-party tool is preferred, great. I mentioned this particular program because it is AD-aware, so my understanding that it will work well with ADFS, even if it is not designed specifically for ADFS.
0
WEBINAR: 10 Easy Ways to Lose a Password

Join us on June 27th at 8 am PDT to learn about the methods that hackers use to lift real, working credentials from even the most security-savvy employees. We'll cover the importance of multi-factor authentication and how these solutions can better protect your business!

 
footechCommented:
Maybe you want to add a CAPTCHA to the forms-based login page of ADFS?

Can't advise you on that, but it'd probably be a better question for the IIS topic area, or ASP.

Good luck.
0
 
IT-NYCAuthor Commented:
Thanks!
0
 
MaheshArchitectCommented:
I have worked with ADFS 2.0 \ 3.0, however never integrated any products to add CAPTCHA in ADFS form based logins

If 3rd party product can be integrated, probably they can provide you the procedure \ code to modify ADFS implementation

Note that ADFS 3.0 do not contains IIS, its removed from ADFS 3.0
0
 
btanExec ConsultantCommented:
there is an example to add the ReCaptcha plugin into the AD FS Proxy Web Authentication Form, though it is not a specific to manageengine services http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2012/02/06/two-factor-authentication-with-adfs-the-recaptcha-customization.aspx
0
 
IT-NYCAuthor Commented:
The goal is to make ADFS more secure. For that reason, we are looking at ManageEngine (and a few other options), even though they are not integrated with ADFS, per say, but have a very decent set of security features.
With removal of IIS in ADFS 3.0, how does one go about reporting of, let's say, failed attempts, locked accounts?
Any advice on securing ADFS is appreciated.
Thanks!
0
 
IT-NYCAuthor Commented:
Thanks, I will review and get back to you.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.