Cisco Anyconnect 2FA

Stefan Schlesinger sts at
Sat Jan 7 12:58:51 CET 2017

> On 07 Jan 2017, at 12:08, Muenz, Michael <m.muenz at> wrote:
> Am 05.01.2017 um 23:52 schrieb Stefan Schlesinger:
> Do you really want to use the econdary password option?

Not necessarily, I will try to find out whether the ASA supports the Access-Challenge pattern as well. Its just one of the ways Duo has implemented this on the ASA side.

> I'd rather use a real 2FA system like privacyIDEA which uses FreeRadius.

Well the idea is to use the secondary password option to compare the received password against the TOTP token stored in Keycloak, which doesn’t provide freeradius support yet.



More information about the Freeradius-Users mailing list