SSL VPN
Reply
Contributor
Lilja
Posts: 88
Registered: ‎12-02-2009
0

Invalid credentials/Pulse Desktop/challenge-based authentication

[ Edited ]

KB20911

This still seems to be a problem with 7.2R1.1, can anyone else confirm AND/OR solve it?

The error message appears but can be discarded and the reply-message can be entered.


---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Moderator
zanyterp
Posts: 2,332
Registered: ‎11-19-2007
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

To my knowledge it should be working there.
Contributor
Lilja
Posts: 88
Registered: ‎12-02-2009
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication


zanyterp wrote:
To my knowledge it should be working there.

Well.. it's the same problem on both Win7 and OSX Lion

"Credentials were invalid, please try again".

I'm on 7.2r1.1

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Contributor
Lilja
Posts: 88
Registered: ‎12-02-2009
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

I have to bump this one...

The RADIUS Access Challenge looks like this:

Type: 11 (Access-Challenge)
Id: 205
Length: 64
IPAddress: /10.201.1.215
Port: 57462
Attribute-Type : 18 (Reply-Message)
Attribute-Length: 34
Attribute-Value : "Please enter your onetime password"
Attribute-Type : 24 (State)
Attribute-Length: 6
Attribute-Value : "QhG511"

 

The Junos Pulse dialog says "Alert.Credentials were invalid. Please try again."

Obviously the RADIUS Reply-Message is not read and Junos Pulse is also showing the wrong response.

The Alert message from Junos Pulse can be discarded and the OTP can successfully be entered.

 

Note: The portal login also does not show the correcty RADIUS Reply-Message but some generic page (without an error though).

 

Is there something that can be done in the custom RADIUS rules?

 

 

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Moderator
zanyterp
Posts: 2,332
Registered: ‎11-19-2007
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

what do you see on the web portal?

until it works on the web portal, pulse will not work either.

how are your radius rules configured?

Contributor
Lilja
Posts: 88
Registered: ‎12-02-2009
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

Everything is working nicely in web-portal and NC, this has never been a problem.

The standard reply-message is shown (defender-page) and OTP can be entered.

Screenshot shows radius rules.

---------------------------------------------------
Please mark this post as 'accepted solution' if my input answers your question!
A kudo would be nice if you think I deserve it.
---------------------------------------------------
2 A/P clustered 6500, 7.4R9.1
2 A/P clustered 2500, 8.0R3.1 LAB
Moderator
zanyterp
Posts: 2,332
Registered: ‎11-19-2007
0

Re: Invalid credentials/Pulse Desktop/challenge-based authentication

Unfortunately, I do not have a way to test this quickly to update on what might be happening.

How is your JTAC case looking on this? If you do not have one yet, I would recommend opening one

Copyright© 1999-2013 Juniper Networks, Inc. All rights reserved.