1 Reply Latest reply on Sep 9, 2014 10:46 AM by sliedl

    MFE 8.3.x Active Passport with multi Authenticators

    krzysztof.anzorge

      Hi Community,


      I have McAfee Firewall Enterprise 8.3.1 (or 8.3.2).

      I use Active Passport with iPlanet (LDAP).
      Before HTTP access, users have to enter iPlanet credentials in a pop-up window in the web browser.
      After this, they have HTTP access for some time.
      This is working OK.


      Now I've added another Authenticator (for example Active Directory - based on LDAP not MLC) and want to use both of them simultaneously for Active Passport.
      I've chosen "Default authenticator" on the Passport page. (see attached screenshot)






      I've tried to auth users from both authenticators, but it works only with the one chosen as "Default authenticator".


      Question: Can I use both Passport Authenticators simultaneously?


      I've found the info below on the help page:

      "Other authenticators selected in the Authenticators to establish Passport credentials list can be used to authenticate a connection and acquire an Active Passport."


      Please explain how to configure Active Passport with more than one Active Authenticator.


      Best regards
      Krzysztof Anzorge

        • 1. Re: MFE 8.3.x Active Passport with multi Authenticators
          sliedl

          This is from page 103 of the 8.3.2 Product Guide.  I knew how to find it by searching for the word 'switch', since I've had to send this to other customers as well:

           

          Switching authentication methods during a logon session

          The firewall allows you to use multiple authentication methods for a given access control rule (for example, users might use RADIUS or Password for Telnet authentication). When logging on, a user can change to another authentication method by typing :authenticator after the user name.

           

          That's the name of the authenticator you created (not the word 'authenticator').  So for you a user could type 'swadmin:testowa' as their username and then enter the password for the testowa authenticator instead of the password for the default one, ADMOJE.

           

          I'll paste this into the SR you just filed also and you can let them know that this works so we can then close out your SR.