
Sophos Connect 2.0 and SSL Provisioning File

Identified a bug of some kind here but could use some support/confirmation.

When using the VPN portal with OTP enabled, the SSL VPN connection needs an OTP even when the provisioning file has this setting set to false. The first login fails, but subsequent logins work without the OTP added to the password. This is really confusing, as it doesn't indicate to the users that the OTP is required on first login, and the error message is just that the credentials are invalid.



  • FormerMember
    0 FormerMember

    Hi,

    Thank you for reaching out to the Community! 

    Thank you for the feedback. 

    I will update you on this after replicating this issue in my LAB and consulting the internal team. 

    Thanks,

  • Also one thing to consider when using Sophos Connect 2.0 on Windows. I used a provisioning file with the option to save the password and just use 2FA. When a user has to change their AD password, you should be able to do that by selecting clear credentials. This does not work. I had to first update the policy again with the new password, exit and start the program again. Then it was OK.

  • FormerMember
    0 FormerMember in reply to FormerMember

    Hi,

    I tried to replicate this in my test environment and it appears that I do not see the same behavior as you described. 

    When you enable OTP for the User Portal but do not enable OTP in the Connect client, user authentication will fail with the following log lines on XG: 

    MESSAGE   Nov 10 02:55:57 [OTP_AUTH]: (otp_handle_complete_password_success_request): REJECT6 for user h_patel (user should have used OTP but didn't do it, didn't use User Portal, had unused tokens)
    INFO Nov 10 03:05:23 [access_server]: (check_auth_result): OTP authentication with short password failed for user h_patel, will retry with complete password
    DEBUG Nov 10 03:05:23 [POSTGRES_DB]: (pg_db_process_prepq_async): param_value[4]: 'h_patel'

    Note: You can see these logs when you put the access_server service in debug.

    The subsequent logins do not work as you described, either. I was not able to download the provisioning file without first setting up OTP for the user. 

    Thanks,
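The client only reports "invalid credentials", so the firewall log is the one place an admin can tell an OTP-required rejection apart from a genuinely wrong password. The following parser is an added example, not code from Sophos or from anyone in this thread: it reads lines in the shape of the three access_server debug lines quoted in the reply above (level, timestamp, `[component]`, `(function)`, message), pulls out the `OTP_AUTH` REJECT events and the access_server "OTP authentication ... failed" retries, and lists users whose logins were rejected because no OTP was supplied. The log shape is assumed from those three lines only; the fourth sample line is constructed filler so the filter has something to ignore.

```python
import re
from typing import Dict, List, Optional

# Log shape assumed from the three lines quoted in the thread:
#   LEVEL  Mon DD HH:MM:SS [COMPONENT]: (function): message
LOG_RE = re.compile(
    r"^(?P<level>[A-Z]+)\s+"
    r"(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+"
    r"\[(?P<component>[^\]]+)\]:\s+"
    r"\((?P<func>[^)]+)\):\s+"
    r"(?P<msg>.*)$"
)

# OTP_AUTH rejection: "REJECT6 for user h_patel (reason text)"
REJECT_RE = re.compile(
    r"REJECT(?P<code>\d+)\s+for\s+user\s+(?P<user>\S+)\s+\((?P<reason>[^)]*)\)"
)

# Sample input: the three lines from the reply above plus one constructed
# access_server line that is not an OTP event.
SAMPLE_LOG = """\
MESSAGE   Nov 10 02:55:57 [OTP_AUTH]: (otp_handle_complete_password_success_request): REJECT6 for user h_patel (user should have used OTP but didn't do it, didn't use User Portal, had unused tokens)
INFO Nov 10 03:05:23 [access_server]: (check_auth_result): OTP authentication with short password failed for user h_patel, will retry with complete password
DEBUG Nov 10 03:05:23 [POSTGRES_DB]: (pg_db_process_prepq_async): param_value[4]: 'h_patel'
INFO Nov 10 03:05:24 [access_server]: (check_auth_result): constructed filler line, not an OTP event
"""


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one log line into its fields; None if it does not match the shape."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def otp_events(text: str) -> List[Dict[str, str]]:
    """Return the OTP-related events found in a block of access_server debug log."""
    events: List[Dict[str, str]] = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if rec["component"] == "OTP_AUTH":
            r = REJECT_RE.search(rec["msg"])
            if r:
                events.append({
                    "kind": "otp_reject",
                    "ts": rec["ts"],
                    "user": r["user"],
                    "code": r["code"],
                    "reason": r["reason"],
                })
        elif rec["component"] == "access_server" and "OTP authentication" in rec["msg"]:
            # The retry line names the user as "for user <name>,"
            u = re.search(r"for user (\S+),", rec["msg"])
            events.append({
                "kind": "otp_short_password_failed",
                "ts": rec["ts"],
                "user": u.group(1) if u else "",
                "code": "",
                "reason": rec["msg"],
            })
    return events


def users_missing_otp(text: str) -> List[str]:
    """Users rejected because OTP was required but not supplied."""
    return sorted({
        e["user"] for e in otp_events(text)
        if e["kind"] == "otp_reject" and "should have used OTP" in e["reason"]
    })


if __name__ == "__main__":
    for ev in otp_events(SAMPLE_LOG):
        print(f'{ev["ts"]} {ev["kind"]:<26} {ev["user"]:<10} {ev["reason"]}')
    print("users who need to append an OTP:", users_missing_otp(SAMPLE_LOG))
```

Run it against the output of the access_server service while it is in debug (as the reply notes) to confirm whether a user's "invalid credentials" failure was really an OTP rejection; a non-empty `users_missing_otp` list is the signal that the user portal OTP requirement, not the password, is what blocked the first login.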