+ Post New Thread
Results 1 to 12 of 12
Internet Related/Filtering/Firewall Thread, Two factor authentication solution in Technical; Hi, I hope this won't be regarded as advertising (as I'm not charging anything). I've been into loads of schools ...
  1. #1

    Join Date
    Sep 2007
    Location
    Newark On Trent
    Posts
    28
    Thank Post
    0
    Thanked 8 Times in 3 Posts
    Rep Power
    16

    Two factor authentication solution

    Hi,

    I hope this won't be regarded as advertising (as I'm not charging anything).

    I've been into loads of schools in the last few years installing XenApp / XenDesktop and two factor authentication seems pretty rare (despite BECTA saying it was a requirement if SIMS and similar were published). My guess is that this is down to costs - 45 - 110 per user isn't going to fly if you have 100 members of staff and 2,000 kids.

    To solve the above I've written a two factor platform that you're welcome to install for free. It works on XenApp/XenDesktop, SonicWall, etc (pretty much anything. The website is WrightCCS - - Citrix two factor authentication

    As above, no cost, install it, use it, don't pay for it. It supports hardware tokens (I got mine from Gooze.eu for about 9Euro), software tokens on the iPhone/Android/Blackberry (free), text message (you pay for the texts - the beta version will allow you to use any provider), and in the beta release it also supports voice call authentication (via Twilio).
    The admin interface does single signon and runs over the network so you'd install the software and publish it via XenApp (or install it anywhere you want) and logged-on users can update their own details.

    If anyone is interested let me know and I'll give you some help to get it installed (free).

    Steve

  2. 6 Thanks to wrights:

    Alis_Klar (12th September 2013), DT2 (14th January 2013), FN-GM (13th January 2013), pcstru (13th January 2013), robknowles (13th January 2013), TheScarfedOne (13th January 2013)

  3. #2

    FN-GM's Avatar
    Join Date
    Jun 2007
    Location
    UK
    Posts
    15,846
    Thank Post
    877
    Thanked 1,680 Times in 1,460 Posts
    Blog Entries
    12
    Rep Power
    444
    That does deserve a thanked post. Would be good to have it for Windows Login as well

  4. #3

    Join Date
    Sep 2007
    Location
    Newark On Trent
    Posts
    28
    Thank Post
    0
    Thanked 8 Times in 3 Posts
    Rep Power
    16
    I've never used it but pGina allows you to use RADIUS for Windows Login, so this should work perfectly with SMS2.
    If you setup pgina let me know - I'd love to document it and put that on the site for everyone else interested.

  5. #4

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,344
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Could you provide support for yubikey as an authentication device?

    Thanks

    Ben

  6. #5

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,658
    Thank Post
    858
    Thanked 646 Times in 429 Posts
    Rep Power
    498
    Quote Originally Posted by FN-GM View Post
    That does deserve a thanked post. Would be good to have it for Windows Login as well
    I use these guys for Windows Logins over RDP: https://www.duosecurity.com/
    Nice little Android/iPhone App too...

  7. #6
    Steven_Cleaver's Avatar
    Join Date
    Jul 2008
    Location
    Birmingham
    Posts
    461
    Thank Post
    172
    Thanked 83 Times in 67 Posts
    Rep Power
    50
    Quote Originally Posted by wrights View Post
    Hi,

    I hope this won't be regarded as advertising (as I'm not charging anything).

    I've been into loads of schools in the last few years installing XenApp / XenDesktop and two factor authentication seems pretty rare (despite BECTA saying it was a requirement if SIMS and similar were published). My guess is that this is down to costs - 45 - 110 per user isn't going to fly if you have 100 members of staff and 2,000 kids.


    To solve the above I've written a two factor platform that you're welcome to install for free. It works on XenApp/XenDesktop, SonicWall, etc (pretty much anything. The website is WrightCCS - - Citrix two factor authentication

    As above, no cost, install it, use it, don't pay for it. It supports hardware tokens (I got mine from Gooze.eu for about 9Euro), software tokens on the iPhone/Android/Blackberry (free), text message (you pay for the texts - the beta version will allow you to use any provider), and in the beta release it also supports voice call authentication (via Twilio).
    The admin interface does single signon and runs over the network so you'd install the software and publish it via XenApp (or install it anywhere you want) and logged-on users can update their own details.

    If anyone is interested let me know and I'll give you some help to get it installed (free).

    Steve
    Completely agree with your comments as regards two Factor Authentication so have built this into our Gateway solution for access for Staff to MIS systems using an Encrypted App. I like the idea of staff and students accessing all resources remotely but it always worried me if a student got hold of staff logins and issues with MIS systems. As you say have seen a few systems where no Dual factor access to access to MIS systems and this always worried me.

  8. #7
    lmgtfy's Avatar
    Join Date
    Feb 2010
    Posts
    257
    Thank Post
    41
    Thanked 26 Times in 22 Posts
    Rep Power
    43
    Quote Originally Posted by Gatt View Post
    I use these guys for Windows Logins over RDP: https://www.duosecurity.com/
    Nice little Android/iPhone App too...
    Looks good do you remember how much it cost your school? It mentions $3 Per user per month so I'm hoping they have education pricing otherwise that's going to get expensive for us.

  9. #8

    Gatt's Avatar
    Join Date
    Jan 2006
    Posts
    6,658
    Thank Post
    858
    Thanked 646 Times in 429 Posts
    Rep Power
    498
    I'm using it at home, so I'm on a free plan - get unlimited instances and about 1000 sms/calls free
    But by using PUSH notifications or the phone app to generate a passcode that's keyed to my account - I dont even use them.

  10. #9

    Join Date
    Sep 2007
    Location
    Newark On Trent
    Posts
    28
    Thank Post
    0
    Thanked 8 Times in 3 Posts
    Rep Power
    16
    Yubikey should work fine as an authentication device. Using the admin console in SMS2 you can specify a manual OATH-TOTP shared secret, using the Yubikey personalisation tool you can load the same shared secret on your Yubikey.

    As I understand it you'd need the Yubikey TOTP application installed on the PC, when you reached an authentication screen (in my case the Citrix Web Interface logon screen) you'd doubleclick the Yubikey TOTP application in the system tray and it would query the key and paste the correct code into the token box on the screen.

    Steve

  11. #10

    Join Date
    Sep 2007
    Location
    Newark On Trent
    Posts
    28
    Thank Post
    0
    Thanked 8 Times in 3 Posts
    Rep Power
    16
    >https://www.duosecurity.com


    SMS2 will do exactly the same functionality for free, Remote Desktop Services will require either pGINA as a linked to above (also free) or Microsoft's Threat Management Gateway software.

  12. #11

    plexer's Avatar
    Join Date
    Dec 2005
    Location
    Norfolk
    Posts
    13,344
    Thank Post
    624
    Thanked 1,584 Times in 1,421 Posts
    Rep Power
    414
    Quote Originally Posted by wrights View Post
    Yubikey should work fine as an authentication device. Using the admin console in SMS2 you can specify a manual OATH-TOTP shared secret, using the Yubikey personalisation tool you can load the same shared secret on your Yubikey.

    As I understand it you'd need the Yubikey TOTP application installed on the PC, when you reached an authentication screen (in my case the Citrix Web Interface logon screen) you'd doubleclick the Yubikey TOTP application in the system tray and it would query the key and paste the correct code into the token box on the screen.

    Steve
    Hi Steve,

    Thanks for that I guess I was thinking about yubikeys in normal mode forgot that new ones can do oath.

    Ben

  13. #12
    Abe
    Abe is offline

    Join Date
    Apr 2009
    Posts
    21
    Thank Post
    0
    Thanked 4 Times in 4 Posts
    Rep Power
    11
    Quote Originally Posted by wrights View Post
    >https://www.duosecurity.com


    SMS2 will do exactly the same functionality for free, Remote Desktop Services will require either pGINA as a linked to above (also free) or Microsoft's Threat Management Gateway software.
    Are you (or anybody else) able to provide a any pointers on where to start with integrating SMS2 and pGINA for Remote Desktop Services authentication?

    Cheers,

SHARE:
+ Post New Thread

Similar Threads

  1. Remote access and Two Factor Authentication
    By gjames in forum Internet Related/Filtering/Firewall
    Replies: 6
    Last Post: 8th February 2010, 09:16 AM
  2. Two factor authentication
    By k-mart in forum Windows
    Replies: 0
    Last Post: 28th October 2006, 04:28 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •