Hot!Yubikey Radius admin MFA authentication

New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2016/12/30 08:01:15
  • Status: offline
2019/01/03 03:57:36 (permalink) 5.4

Yubikey Radius admin MFA authentication

Has anyone got this setup to work?
I got so far that it asks for token but field length seems to be too short for Yubikey. 

1 Reply Related Threads

    Expert Member
    • Total Posts : 417
    • Scores: 87
    • Reward points: 0
    • Joined: 2015/02/02 03:22:58
    • Status: offline
    Re: Yubikey Radius admin MFA authentication 2019/01/07 06:03:19 (permalink)
    Hi Kimmo,
    I guess that you do have admin user as remote type pointing out to RADIUS server which is doing Access-Challenge, right ?

    How is your slot on a key configured ?
    I think it should be OATH-HOTP with OMP+TT Modhex numeric with 6 digit HOTP Length
    That combo should work for FortiAuthenticator as YubiKey 2FA server when you are going to import the tokens into it. Then those are working when is FortiAuthenticator paired as RADIUS auth server to FortiGate. Therefore I guess that same values (token code generation methods) should work for FortiGate if RADIUS is not a FortiAuthenticator but something else.

    Kind Regards,
    Jump to:
    © 2019 APG vNext Commercial Version 5.5