Am 05.01.2017 um 23:52 schrieb Stefan Schlesinger:
Hi,
we are trying to implement 2FA for Cisco ASA Anyconnect VPN clients.
The ASA supports a “secondary password” input, so the dialog asks for a username, a password and another password. The ASA is going to fire off an Access-Request for each of the passwords. The first one with the users password and if successful, a subsequent request, which should contain the one time authentication token.
We couldn’t figure out yet how to authenticate the subsequent request against a different authentication module, especially because they both look the same, besides the Request Id.
Can anyone help out how to handle the latter different from the first request in an unlang config?
Do you really want to use the econdary password option? I'd rather use a real 2FA system like privacyIDEA which uses FreeRadius. Michael