• Status: Solved
  • Priority: Medium
  • Security: Public

ADFS 3.0 and CAPTCHA

Hello,
Has anyone implemented ADFS with CAPTCHA to
I am looking at http://www.manageengine.com/products/self-service-password/
Thanks for any advice/experience/information.
Asked:
IT-NYC
4 Solutions
 
footech Commented:
How does ADFS with CAPTCHA relate to ManageEngine SelfService Plus?
I'm afraid I can't even tell what you're asking.

SelfService Plus runs on a Tomcat server that is included in the product, not IIS.  The CAPTCHA option is just a check box in the settings.

IT-NYC (Author) Commented:
I am looking to implement CAPTCHA as an additional layer of protection for ADFS 3.0. If it is possible to use it within ADFS, a third-party tool is preferred, great. I mentioned this particular program because it is AD-aware, so my understanding is that it will work well with ADFS, even if it is not designed specifically for ADFS.

footech Commented:
Maybe you want to add a CAPTCHA to the forms-based login page of ADFS?

Can't advise you on that, but it'd probably be a better question for the IIS topic area, or ASP.

Good luck.
 
IT-NYC (Author) Commented:
Thanks!

Mahesh (Architect) Commented:
I have worked with ADFS 2.0 \ 3.0, however I have never integrated any products to add CAPTCHA in ADFS form-based logins.

If a 3rd-party product can be integrated, they can probably provide you the procedure \ code to modify the ADFS implementation.

Note that ADFS 3.0 does not contain IIS; it was removed from ADFS 3.0.

btan (Exec Consultant) Commented:
There is an example of adding the ReCaptcha plugin to the AD FS Proxy Web Authentication Form, though it is not specific to ManageEngine services: http://myitforum.com/cs2/blogs/forefrontsecurity/archive/2012/02/06/two-factor-authentication-with-adfs-the-recaptcha-customization.aspx

IT-NYC (Author) Commented:
The goal is to make ADFS more secure. For that reason, we are looking at ManageEngine (and a few other options), even though they are not integrated with ADFS, per se, but have a very decent set of security features.
With the removal of IIS in ADFS 3.0, how does one go about reporting, let's say, failed attempts and locked accounts?
Any advice on securing ADFS is appreciated.
Thanks!

btan (Exec Consultant) Commented:
Multi-factor Authentication (supported by AD FS) is worth considering, as in all attacks (besides s/w vulnerabilities), identity theft is common and a single factor stands far too weak to deter a determined attack to get into a key asset such as AD FS. A web proxy (Web App Firewall capable) fronting the AD FS is another strategy to prevent direct public-facing, internet-accessible entry. Block web attacks and attempts to tunnel in through potential vulnerabilities due to misconfiguration.

You have probably also used the Security Configuration Wizard (SCW) to reduce the attack surface of the server, based only on the server roles required. The token is a key entity to secure, so ensure token replay detection is enabled (by default it is) and also enforce token encryption with the use of a certificate for your relying party trusts (though it will then call for some PKI implementation); this is to mitigate and prevent potential man-in-the-middle (MITM) attacks. Consider event logging and trace logging, and have them protected by access control lists (ACLs) so as to limit access to only trusted administrators.

Another form of auth - https://www.duosecurity.com/docs/adfs-30
More info - https://technet.microsoft.com/en-us/library/ff630160.aspx
0
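
One way to check two of the points in the answer above (token encryption on relying party trusts, and audit logging), as an added example that is not part of the original thread: a read-only PowerShell audit. It assumes the ADFS module on the AD FS server itself and an elevated session; the 30-day certificate warning window is a value chosen here for illustration.

```powershell
# Added example (not from the thread): read-only audit of AD FS token
# encryption and audit-log settings. Changes nothing on the server.
Import-Module ADFS

$warnDays = 30   # assumption: flag certificates expiring within 30 days
$now      = Get-Date

# Tokens are only encrypted when EncryptClaims is on AND the trust
# actually carries an encryption certificate, so check both.
$rpReport = Get-AdfsRelyingPartyTrust | Where-Object { $_.Enabled } | ForEach-Object {
    $cert = $_.EncryptionCertificate
    $finding =
        if (-not $_.EncryptClaims)                      { 'EncryptClaims disabled' }
        elseif (-not $cert)                             { 'No encryption certificate' }
        elseif ($cert.NotAfter -lt $now)                { 'Encryption certificate expired' }
        elseif ($cert.NotAfter -lt $now.AddDays($warnDays)) { 'Encryption certificate expiring soon' }
        else                                            { 'OK' }

    [pscustomobject]@{
        RelyingParty = $_.Name
        Finding      = $finding
        CertExpires  = if ($cert) { $cert.NotAfter } else { $null }
    }
}
$rpReport | Sort-Object Finding, RelyingParty | Format-Table -AutoSize

# AD FS only writes audit events for the levels listed in LogLevel.
# The Windows audit policy for "Application Generated" events must also
# be enabled before they appear in the Security log.
$logLevel = (Get-AdfsProperties).LogLevel
foreach ($level in 'SuccessAudits', 'FailureAudits') {
    if ($logLevel -notcontains $level) {
        Write-Warning "AD FS LogLevel does not include $level"
    }
}

# Summary count of trusts that need attention
$needFix = @($rpReport | Where-Object { $_.Finding -ne 'OK' }).Count
"{0} relying party trust(s) need attention" -f $needFix
```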

IT-NYC (Author) Commented:
Thanks, I will review and get back to you.
Question has a verified solution.