topic OneView Two-Factor Authentication Username Hint in HPE OneView

OneView Two-Factor Authentication Username Hint

daax — Tue, 17 Aug 2021 12:21:41 GMT

Is there any way to use a 'username hint' or otherwise explicitly identify which AD account to map to when logging into a OneView appliance using Two-factor authentication?

This question is referring to the case of there being multiple Active Directory accounts associated with one certificate(smart card) for two-factor login; (i.e. When logging into a Windows machine, utilizing the "username hint" field to specify which account to use at login with a given certificate.)

thanks!

Re: OneView Two-Factor Authentication Username Hint

ChrisLynch — Tue, 10 Aug 2021 20:36:58 GMT

While not out of the box, it will greatly depend on which attribute needs to be validated for the certificate owner: Subject or Subject Alternative Name. You would need to construct a regular expression for either or both attributes to identify the correct user account the cert should be validated against.

I can test 2-factor authentication in our labs, it is a singular cert to user account only. What X509-based smart card solution are you using?