Closed audioeptesicus closed 2 years ago
Was it working previously? Is it working normally via the UI? Have you tried RADIUS type like EXAMPLE 11? Do you get an MFA prompt in the console when trying EXAMPLE 9?
It was not working previously, and I am able to log in to PAM without issues through their web UI. RADIUS types also fail (403), and no MFA prompt from example 9.
Unfortunately, this project doesn't have a Privilege Cloud environment available for any investigation. Hopefully another module user has some insight which may benefit you. What is the authentication option you choose when logging into the UI? What is the underlying authentication method used for the "O365 authentication" you mention?
Thanks. The option on the login page is Duo, and is one that automatically logs the user in. The page is there for a second before it just redirects to Duo authentication, which first brings you to the login.microsoftonline.com login page to log in with the user's O365/AzureAD credentials. There, Duo prompts the user for MFA, then it's authenticated and logged in to the console.
The config method for PAM/Duo is SSO/SAML.
Edit: Also following Example 8, it fails to get a SAMLResponse.
PS C:\Windows\system32> new-passession -baseuri $url -SAMLAuth
Failed to get SAMLResponse
At line:51 char:11
+ Catch { Throw 'Failed to get SAMLResponse' }
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : OperationStopped: (Failed to get SAMLResponse:String) [], RuntimeException
+ FullyQualifiedErrorId : Failed to get SAMLResponse
In short, for the SAML authentication flow, where SSO via IWA isn't possible via the module, you will need to provide the SAMLResponse from your IDP as detailed in EXAMPLE 20 or 21.
Closing as no updates to module code identified as required.
Provided detail of SAMLResponse parameter value required for auth.
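When a SAMLResponse captured from the IdP is supplied by hand, a stale or failed response is a common reason for a rejected logon. The following is an added example, not code from the thread or from the psPAS module, that decodes a response and checks its status, destination and expiry before it is submitted; `Test-SamlResponse`, the sample XML and the `pvwa.example.com` URL are hypothetical and constructed for illustration.

```powershell
# Hypothetical helper (not part of psPAS): sanity-check a SAMLResponse before use.
# It does not verify the XML signature; the service provider must still do that.
function Test-SamlResponse {
    param(
        [Parameter(Mandatory)][string]$SAMLResponse,  # base64 value of the SAMLResponse form field
        [string]$ExpectedDestination                  # assumption: the ACS URL of your PVWA
    )
    # HTTP-POST binding: the field is plain base64 of the XML document.
    $xml = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($SAMLResponse.Trim()))
    $doc = New-Object System.Xml.XmlDocument
    $doc.XmlResolver = $null                          # never fetch external DTDs or entities
    $doc.LoadXml($xml)
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('samlp', 'urn:oasis:names:tc:SAML:2.0:protocol')
    $ns.AddNamespace('saml', 'urn:oasis:names:tc:SAML:2.0:assertion')
    $code = $doc.SelectSingleNode('/samlp:Response/samlp:Status/samlp:StatusCode', $ns)
    $cond = $doc.SelectSingleNode('//saml:Assertion/saml:Conditions', $ns)
    $status = if ($code) { $code.GetAttribute('Value') } else { $null }
    $dest = $doc.DocumentElement.GetAttribute('Destination')
    $expiry = $null
    if ($cond -and $cond.GetAttribute('NotOnOrAfter')) {
        $expiry = [System.Xml.XmlConvert]::ToDateTime($cond.GetAttribute('NotOnOrAfter'),
            [System.Xml.XmlDateTimeSerializationMode]::Utc)
    }
    [pscustomobject]@{
        StatusCode    = $status
        Success       = $status -eq 'urn:oasis:names:tc:SAML:2.0:status:Success'
        Destination   = $dest
        DestinationOk = (-not $ExpectedDestination) -or ($dest -eq $ExpectedDestination)
        NotOnOrAfter  = $expiry
        Expired       = ($null -ne $expiry) -and ($expiry -lt [datetime]::UtcNow)
        Encrypted     = $null -ne $doc.SelectSingleNode('//saml:EncryptedAssertion', $ns)
    }
}

# Constructed sample response (not real IdP output), expired on purpose.
$sample = @'
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="https://pvwa.example.com/acs">
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion><saml:Conditions NotOnOrAfter="2020-01-01T00:05:00Z"/></saml:Assertion>
</samlp:Response>
'@
$b64 = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($sample))
$check = Test-SamlResponse -SAMLResponse $b64 -ExpectedDestination 'https://pvwa.example.com/acs'
$check | Format-List
# Only a current, successful response is worth submitting ($url as in the thread;
# see the module's EXAMPLE 20 or 21 for the exact New-PASSession -SAMLResponse call).
```

If the assertion is encrypted, `Encrypted` is true and the expiry cannot be read without the service provider's key, so only the status and destination checks apply.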
Describe the issue: CyberArk, PAM v12.6.0.42, O365 authentication with Duo for MFA. Receiving 403 authentication failures.
To Reproduce: See console output below.
Expected behavior: Authenticate without error.
Screenshots & Console Output