HPE Community
HPE OneView
1833788 Members
2770 Online
110063 Solutions
New Discussion

Re: OneView Two-Factor Authentication Username Hint

 
daax
Occasional Advisor

‎08-10-2021 08:40 AM - last edited on ‎08-17-2021 05:21 AM by

‎08-10-2021 08:40 AM - last edited on ‎08-17-2021 05:21 AM by

OneView Two-Factor Authentication Username Hint

Is there any way to use a 'username hint' or otherwise explicitly identify which AD account to map to when logging into a OneView appliance using Two-factor authentication?

This question is referring to the case of there being multiple Active Directory accounts associated with one certificate(smart card) for two-factor login; (i.e. When logging into a Windows machine, utilizing the "username hint" field to specify which account to use at login with a given certificate.)

thanks!

0 Kudos
Reply
1 REPLY 1
ChrisLynch
HPE Pro

‎08-10-2021 01:36 PM - edited ‎08-10-2021 01:36 PM

‎08-10-2021 01:36 PM - edited ‎08-10-2021 01:36 PM

Re: OneView Two-Factor Authentication Username Hint

While not out of the box, it will greatly depend on which attribute needs to be validated for the certificate owner: Subject or Subject Alternative Name.  You would need to construct a regular expression for either or both attributes to identify the correct user account the cert should be validated against.

I can test 2-factor authentication in our labs, it is a singular cert to user account only.  What X509-based smart card solution are you using?

I work at HPE
[Any personal opinions expressed are mine, and not official statements on behalf of Hewlett Packard Enterprise]
Accept or Kudo
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.