TOTP radius server for Citrix XenApp - citrix

I'm looking for a standards-based TOTP (time-based one-time password) authentication server to implement strong security for my Netscaler appliance.
I was not able to find a RADIUS server with an easy-to-use interface that supports Google Authenticator.
Grateful if you can suggest a solution!
Thanks

Not sure about how easy to use this solution is, but what Citrix suggests is OpenOTP. It supports Google Authenticator (in addition to others). It is free for 25 users, 50 users will cost you at least 1000EUR
Another solution is TOTPRadius, no pricing info is available, but it is the only one supporting self-registration if using Citrix StoreFront.
p.s. Sorry, forgot to add a disclaimer: I am affiliated with Token2

Update regarding OpenOTP: it is free for 40 users. Please ask RCDevs for actual pricing regarding more users.
Starting with 50 users you are entitled to install the OpenOTP/WebADM Backend as an active/active cluster (2 servers).
The OpenOTP Token App supports additional features compared to Google Authenticator.
For fast evaluation, virtual appliances (for Oracle Virtual Box or VMware) are available under here.

Protectimus provides 2FA solution for strong protection against unauthorized account access within Citrix XenApp. It also has a status of Citrix Ready. You can contact sales team for actual pricing.
Disclaimer: I work for Protectimus

Related

Microsoft Graph / Outlook REST; what is the process to get the application live/public available for use by our customers and how long does it take?

In our experience with other APIs there is usually a test/private mode and then after the app is approved it can go into live/public mode.
After we create an application based on Microsoft Graph / Outlook REST, what is the process to get the application live/public available for use by our customers and how long does it take? Or is it already live?

Your question isn't really specific, so I'll just answer the general question.
Everybody can create an application for the Microsoft cloud. There isn't a test environment, so every application is live the moment you create it (and switch on multi-tenant). It is always up to the user (or tenant admin) to grant your application access!
Microsoft does however offer various ways to get your application under the attention of a much larger audience. And to get your application in such a marketplace they have various review/test/... processes in place.

How do I make my application using Mongodb and nodejs HIPAA compliant?

I am writing an application to be used potentially by doctors to keep in notes about patients (my app is not targeted for doctors but other professions don't need such strict rules).
My app is written in nodejs and only the backend can access the database with an authenticated user account and following all common security practices such as firewall rules etc.
I read about HIPAA compliance but most of them don't apply because no user specifically has access to the database unless it's coming from the API of the backend for which of course you need to authenticate against my app with SSL.
How can I be confident that doctors can use my app? Is there any authentication test/certificate etc?

The MongoDB website has a great example of the HIPAA compliance standard. I think the following will help you:
https://www.mongodb.com/blog/post/making-hipaa-compliant-applications-mongodb

AWS-based applications can be made HIPAA compliant by referring to the following detailed AWS documentation: https://aws.amazon.com/compliance/hipaa-compliance/
There is a nicely written whitepaper by AWS available at the above-mentioned link.

AWS own email domain and some generic questions

I'm getting started with Amazon Web Services and I have a few questions I'm not sure about. Like every (company) webpage, I want to use an "office#companyname.com" email address, but how is that done? I looked at godaddy.com (for domain registration); they offer me an email address like I want, but for 3 dollars per month.
Is this possible with AWS? Because at AWS you have just a complex domain which is not very user-friendly or serious.
Also I want to host my dynamic webpage on the Amazon cloud, but I'm not sure if I'm doing that right. I've read many guides, and all I know is that I have to purchase an Elastic Compute Cloud and a Simple Storage Service... and every guide is working with the basic Linux package, why not Windows? Is it more expensive? I just want to host a MySQL server for the dynamic webpage, which is reached over a normal domain.
And one last question: if I sign up for an AWS account it asks me for an email account. But I found it a little bit unserious to write my free-webmailer address there... How is it done the normal way?
Thanks in advance! Best regards, john.

You have a lot of non-specific non-technical questions, and you might be better served asking them on one of the Amazon forums (https://forums.aws.amazon.com/index.jspa?categoryID=1).
Based on your implied lack of experience you might be better off starting with a shared hosting service like Godaddy. Amazon AWS adds a layer of technical complexity that you may not need for your situation...
That said, here are some general answers to your Amazon questions:
Amazon AWS provides generally comparable hosting services for both Windows and Linux.
Amazon Simple Email Service (SES) will send bulk email, but it will not receive email. To do that within the Amazon ecosystem you would need to run your own mail server(s).

Single sign on solution

Hi, I am using CAS for SSO. But the problem is that I want to reset passwords and register new users on the CAS login screen. Does CAS provide these services, or do I have to implement them?
Or does any other SSO solution exist which fulfills my requirement?

CAS is just an SSO frontend to your existing identity management solution (database, LDAP etc). It does not include any identity management features itself (create user account, reset password etc). I have recently been using the Cloudseal platform which is a full identity management solution and so far I am pretty impressed. I believe Atlassian's Crowd also includes this although I have not used it. There are probably other products out there as well.
Both of these are commercial products although they are both free for the first 50 users. Crowd is a traditional standalone platform which you download, install and configure but Cloudseal is a hosted service so there is no installation and less config.

You can certainly modify the spring weblog and login page to allow for the functionality that of course you'd have to implement. You should also ask the question on #cas-user mailing list to see if a similar need in the community has been implemented by other users which you may be able to take advantage of. I remember only recently someone raised the same question to the list and there was a bit of interest in getting this feature developed and integrated. You may want to revisit the topic on the mailing list.
Hope this helps.

IBM Portal Database and Authentication

I have a couple of questions regarding IBM Portal Portlets.
I have just stumbled into the realm of Portlets - and as far as I am concerned was dropped into the deep end, having to work on an IBM WebSphere Portal 6.1.
We are still in the evaluation stage - and three things that I haven't been able to find clear answers to yet.
Database - is there one single Database that also gets used by the installed Portlets - or do you configure DB individually on a per Portlet Basis?
Authorization and Authentication - how can a Portlet get hold of the User and the rights the user has?
Are there any known constraints in using JSR-301 compliant JSF Bridges instead of bog standard Portlets?
Thanks in advance.

I haven't used Portal 7 yet, but I have used pretty much every other version, so my apologies if you are using 7 and this information doesn't fit exactly.
1) Database: when you install portal, you configure a database it uses to store portal configuration (and sometimes user rights as well, although this aspect can be set up using a custom user registry like LDAP). If you don't have an already dedicated DB, Portal will use its packaged DB, Cloudscape/Derby. This DB can be completely separate from the DB that the portlets use to manipulate data unrelated to configuration. E.g. if your portlet is displaying inventory for a bike shop, the DB holding that info can be accessed in the normal web application way through a datasource set up in the WAS GUI.
2) For a lot of scenarios, your portlet doesn't need to know the user's rights, it won't render the portlet unless the user has been assigned the correct rights via Portal Administration. But in the cases in which you would need to know the user's rights, they can be accessed via the Portal User Management Architecture. Here's a good whitepaper on the subject: http://public.dhe.ibm.com/software/dw/websphere/PUMA_scenarios.pdf
3) Known constraints? You may have to google for that specifically, but I will say that unless you use IBM's custom JSF bridge, there may not be a lot of support from IBM's technical issue team if you come up against a problem. However, the support guys are usually pretty helpful, I find. Don't let that stop you from trying though :)
The two resources that I use pretty exhaustively are the InfoCenter http://publib.boulder.ibm.com/infocenter/wpdoc/v6r1/index.jsp and the developer forums on IBM Developerworks.
Best of luck, and welcome to the dark side!