H/TOTP Enrollment in multiple realms shows as same URL in Authenticate application

Version Affected:  all

Description:  

Using multiple enrollment realms on the same IdP server for the same users can confuse end users, because the Authenticate application shows the same URL for every realm the end user has enrolled in; the tokens are therefore indistinguishable in the app even though each is valid only for its own realm.

 

Cause:  

This happens because the Authenticate application uses the FQDN of the external connection (the hostname the enrollment was performed against) as the distinguishing label within the application. Every realm on the same IdP is reached through the same FQDN, so every token gets the same label.

 

Resolution:  

If the IdP server has a wildcard certificate installed (*.domain.ext), customers who manage their own DNS can create additional A or CNAME records in their DNS manager that point to the same IP address or record as the main IdP FQDN, one per realm (for example realm1.domain.ext, realm2.domain.ext). Each realm's enrollment is then performed against its own hostname, so the new FQDN is what appears in the Authenticate application, and end users can tell which realm a token is valid for. Keep the new names directly under the wildcard's domain: a *.domain.ext certificate covers only a single label, so realm1.domain.ext is covered while a name such as realm1.idp.domain.ext is not and will fail TLS validation.

 

Special Considerations:  

A wildcard certificate, or one certificate per realm hostname, must be installed on the IdP server and bound to the site in IIS.

If using multiple certificates, note that a single IP address and port combination can carry only one certificate binding in IIS unless Server Name Indication (SNI) is used. On IIS versions without SNI support (before IIS 8 / Windows Server 2012), each certificate therefore needs its own IP address (or a non-standard port); on IIS 8 and later, enable SNI on each HTTPS binding (the "Require Server Name Indication" option, SslFlags 1) so that all realm hostnames can share one IP address and port. A single wildcard certificate avoids this entirely.
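The following PowerShell script is an added example of the procedure above; it is not SecureAuth's own code or part of this article. It assumes hypothetical values: the IdP answers as idp.example.com with a wildcard certificate for *.example.com in the machine store, the example.com zone is hosted on a Windows DNS server named dns01, the IdP site in IIS is called "Default Web Site", and the DnsServer and WebAdministration modules are available. For each realm it creates the CNAME, checks that the wildcard certificate actually covers the new hostname (catching the single-label wildcard pitfall), adds an SNI-enabled HTTPS binding, and attaches the certificate.

```powershell
# Added example (not SecureAuth's code): per-realm hostnames for an IdP so the
# Authenticate app shows a distinct label per realm.  All names below are
# hypothetical assumptions for the example.
$IdpFqdn   = 'idp.example.com'      # existing IdP FQDN that the realms alias
$Zone      = 'example.com'          # DNS zone covered by the *.example.com cert
$DnsServer = 'dns01'                # Windows DNS server hosting the zone
$SiteName  = 'Default Web Site'     # IIS site that serves the IdP
$Realms    = @('realm1', 'realm2')  # one hostname label per enrollment realm

# Does a certificate's CN / SAN list cover $HostName?  A wildcard matches
# exactly one label: *.example.com covers realm1.example.com but NOT
# realm1.idp.example.com, the usual mistake when naming per-realm hosts.
function Test-CertCoversHost {
    param(
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert,
        [string]$HostName
    )
    $names = @()
    $cn = $Cert.GetNameInfo('SimpleName', $false)
    if ($cn) { $names += $cn }
    # 2.5.29.17 = subjectAltName; Format() yields "DNS Name=a, DNS Name=b" on
    # an English-locale Windows host (assumed here).
    $san = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    if ($san) {
        $names += ($san.Format($false) -split ',\s*' |
            Where-Object { $_ -like 'DNS Name=*' } |
            ForEach-Object { $_.Substring('DNS Name='.Length) })
    }
    foreach ($n in $names) {
        if ($n -eq $HostName) { return $true }
        if ($n.StartsWith('*.')) {
            $suffix = $n.Substring(1)                                  # ".example.com"
            $prefix = $HostName -replace ([regex]::Escape($suffix) + '$'), ''
            # Covered only if the suffix matched and what is left is one label.
            if ($prefix -ne $HostName -and $prefix -notmatch '\.') { return $true }
        }
    }
    return $false
}

# Pick the newest certificate in the machine store that covers the wildcard.
$cert = Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { Test-CertCoversHost -Cert $_ -HostName "probe.$Zone" } |
    Sort-Object NotAfter -Descending | Select-Object -First 1
if (-not $cert) { throw "No certificate in LocalMachine\My covers *.$Zone" }

foreach ($realm in $Realms) {
    $fqdn = "$realm.$Zone"

    # Fail before touching DNS or IIS if the name would not validate.
    if (-not (Test-CertCoversHost -Cert $cert -HostName $fqdn)) {
        throw "$fqdn is not covered by '$($cert.Subject)'; use a single-label name under $Zone"
    }

    # 1. DNS: CNAME the per-realm name to the existing IdP FQDN.  An A record to
    #    the IdP's IP works equally; a CNAME follows the IdP if its IP changes.
    $existing = Get-DnsServerResourceRecord -ComputerName $DnsServer -ZoneName $Zone `
        -Name $realm -ErrorAction SilentlyContinue
    if (-not $existing) {
        Add-DnsServerResourceRecordCName -ComputerName $DnsServer -ZoneName $Zone `
            -Name $realm -HostNameAlias $IdpFqdn
    }

    # 2. IIS: HTTPS binding with the host header and SNI (SslFlags 1), so every
    #    realm name shares one IP:443 under the same wildcard certificate.
    if (-not (Get-WebBinding -Name $SiteName -Protocol https -HostHeader $fqdn)) {
        New-WebBinding -Name $SiteName -Protocol https -Port 443 -HostHeader $fqdn -SslFlags 1
    }
    # Attach the certificate to the SNI binding (hostname:port form).  The appid
    # is the GUID IIS uses for its own sslcert entries.
    netsh http add sslcert hostnameport="${fqdn}:443" certhash=$($cert.Thumbprint) `
        appid='{4dc3e181-e14b-4a21-b022-59fc669b0914}' certstorename=MY | Out-Null

    # 3. Report what was set up so the enrollment URL for each realm is obvious.
    $target = (Resolve-DnsName $fqdn -Type CNAME -ErrorAction SilentlyContinue).NameHost
    Write-Host ("{0,-24} CNAME -> {1,-20} SNI binding, cert {2}" -f $fqdn, $target, $cert.Thumbprint)
}
```

Run it elevated on the IdP server (or on a host with RSAT and IIS remote management). After it completes, enrol a test user against https://realm1.example.com/ and confirm the Authenticate application now labels that token with the realm hostname rather than the shared IdP FQDN.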


SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.

Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
