SSL VPN
Reply
Contributor
Posts: 88
Registered: ‎12-02-2009
0

Invalid credentials/Pulse Desktop/challenge-based authentication

[ Edited ]

KB20911

This still seems to be a problem with 7.2R1.1, can anyone else confirm AND/OR solve it?

The error message appears but can be discarded and the reply-message can be entered.


---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

To my knowledge it should be working there.
Contributor
Posts: 88
Registered: ‎12-02-2009
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication


zanyterp wrote:
To my knowledge it should be working there.

Well.. it's the same problem on both Win7 and OSX Lion

"Credentials were invalid, please try again".

I'm on 7.2r1.1

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Contributor
Posts: 88
Registered: ‎12-02-2009
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

I have to bump this one...

The RADIUS Access Challenge looks like this:

Type: 11 (Access-Challenge)
Id: 205
Length: 64
IPAddress: /10.201.1.215
Port: 57462
Attribute-Type : 18 (Reply-Message)
Attribute-Length: 34
Attribute-Value : "Please enter your onetime password"
Attribute-Type : 24 (State)
Attribute-Length: 6
Attribute-Value : "QhG511"

 

The Junos Pulse dialog says "Alert.Credentials were invalid. Please try again."

Obviously the RADIUS Reply-Message is not read and Junos Pulse is also showing the wrong response.

The Alert message from Junos Pulse can be discarded and the OTP can successfully be entered.

 

Note: The portal login also does not show the correcty RADIUS Reply-Message but some generic page (without an error though).

 

Is there something that can be done in the custom RADIUS rules?

 

 

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

what do you see on the web portal?

until it works on the web portal, pulse will not work either.

how are your radius rules configured?

Contributor
Posts: 88
Registered: ‎12-02-2009
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

Everything is working nicely in web-portal and NC, this has never been a problem.

The standard reply-message is shown (defender-page) and OTP can be entered.

Screenshot shows radius rules.

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Moderator
Posts: 2,347
Registered: ‎11-19-2007
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

Unfortunately, I do not have a way to test this quickly to update on what might be happening.

How is your JTAC case looking on this? If you do not have one yet, I would recommend opening one

Copyright© 1999-2015 Juniper Networks, Inc. All rights reserved.