*** Lake_Lurker (~Just@h54.74.91.75.dynamic.ip.windstream.net) has joined #wikid | 10:20 | |
*** Lake_Lurker has parted #wikid (None) | 11:32 | |
*** nowen (~nowen@adsl-74-176-212-133.asm.bellsouth.net) has joined #wikid | 12:12 | |
*** n145 (57662c12@gateway/web/freenode/ip.87.102.44.18) has joined #wikid | 19:27 | |
n145 | hello | 19:27 |
nowen | hi | 19:27 |
n145 | can someone tell me how wikid implements 2-factor auth | 19:27 |
nowen | the two factors are possession of the private key embedded in the token and knowledge of the PIN | 19:28 |
nowen | this might help: http://www.wikidsystems.com/learn-more/technology/overview | 19:28 |
nowen | you can think of WiKID like certs, except the only thing (mostly) that they do is encrypt PINs one way and OTPs the other. Doing this means that it is very easy to manage users - no need for white/black lists etc. | 19:31 |
n145 | thanks.. I am not sure if this is what I am looking for.. when a user comes to my site I give them a login page.. then on the next screen I want them to enter a code (which is either sent by email/SMS to them, or they have a device that generates this code) | 19:32 |
nowen | if you are looking to meet some regulation or PCI compliance, there is no need to worry | 19:32 |
nowen | why do you want them to enter a username and password and an OTP? | 19:32 |
nowen | anyway, you can do that with WiKID | 19:35 |
nowen | what kind of site is it? | 19:35 |
n145 | enterprise site | 19:36 |
n145 | in the pricing page what does per seat mean ? | 19:37 |
nowen | are your users in AD? | 19:37 |
n145 | yea | 19:37 |
nowen | a seat is a username in a domain. Each user can have more than one token, so PC & BB on one username one domain == 1 seat | 19:38 |
nowen | I recommend you use the username and the OTP. Have the site talk radius to IAS/NPS on windows server. NPS will validate that the user is active in AD and if so proxy the request to WiKID via radius | 19:38 |
nowen | what is the "site" running? apache? IIS? | 19:39 |
n145 | iis | 19:39 |
nowen | does IIS support radius? | 19:39 |
n145 | i am using isa server | 19:40 |
nowen | that should do it | 19:40 |
n145 | once the user is validated in AD I want to provide 2nd factor auth | 19:40 |
nowen | yeah, you can do that without using the LAN password | 19:41 |
n145 | when the user is presented with the second factor form.. the web app will email a code to the user | 19:43 |
n145 | so how is this code generated ? | 19:43 |
n145 | and how is it verified | 19:43 |
n145 | using wikid | 19:43 |
nowen | WiKID doesn | 19:45 |
nowen | doesn't use email. We use asymmetric encryption over port 80 | 19:46 |
nowen | email cannot be secured without using some form of asymmetric encryption anyway, so why bother? | 19:46 |
nowen | we have our own token client | 19:47 |
*** n145 has quit (Ping timeout: 252 seconds) | 19:47 | |
*** nowen has parted #wikid (None) | 22:23 | |