topic Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider in General Topics

Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

Nicola_Caddeo — Tue, 13 Mar 2018 09:30:05 GMT

Hi,

I'd like to configure the DynamicID authentication in SSL VPN in order to configure the 2FA in a R77.30 environment

I already configured the Mobile Access blade and I have already some native applications pubblished. Users are able to reach the portal and to log in by using the first factor.

Based on the documentatio, in order to configure the 2FA, i have to type the URL of my SMS provider in Authentication tab.

All variables of the request (credentials of SMS Provider, text of the message and cellphone) must be included int the URL. Ex:

https://gateway.test.com/SMs?user=$USER&password=$PASSWORD&text=$TEXT&phone=$PHONE

Unfortuntately, the sms provider that I'm trying to use, needs to receive the credentials in the HEADER or the request. For this reason, I'm not able to configure it.

Do you know if it's possible to modify the Header of the HTTP POST call done by the Gateway when it tries to comunicate with the SMS Provider?

I only need to add user and password.

Or is there a feasible alternative to interact with that SMS Provider?

Thanks for your attention.

Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

ED — Tue, 13 Mar 2018 11:46:09 GMT

Hi,

First find the format that your SMS provider accepts and do a simple test by opening a web browser and run the https request from there. If you recieve an SMS then it's ok. (Run with real values for username, password, text and phone...)

Try to use that format in Check Point and substitute your real values for user and password with $USERNAME and $PASSWORD that Check Point will insert from your SMS provider account credentials. Also substitute the other values with $PHONE, $MESSAGE. The phone value will be recieved from your AD field PhoneNumberAttr.

You can also try to send SMS $CVPNDIR/bin/sendsms from your gateway. Take a look at the script sendsms by opening it in vi for a deeper look at how it works.

(R80.10)

Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

Nicola_Caddeo — Tue, 13 Mar 2018 13:58:48 GMT

HI Enis,

thank you for the information.

I will take a look on the script.

My issue is that the SMS Provider didn't accept the username and password urlencoded. So I can't use the URL by inserting ?username=$USER&password=$PASSWORD.

For this reason any attempts wth username and password in the URL is not authorized (I got HTTP Status 401:Anonymous authentication is not allowed). It expects that I provide the password and username values in the header of the request

Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

Nicola_Caddeo — Wed, 14 Mar 2018 10:14:33 GMT

HI,

just for your information.

I took a look to the sendsms script within CVPNDIR/bin/sendsms

The request to the SMS gateway is invoked by a simple "curl" with the argument received by the Dashboard (Mobile Access -> Authentication)

So i found the right call to invoke the sms gateway by using curl and by adding parameters like -h (headers) and --user for the authentication.

Now i need to adapt my call with the checnpoint sendsms script. For this reason i opened a service request by reporing my curl call .

I hope the support will provide me a valid way to support me.

Bye

Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

wenxiang_guo — Tue, 23 Jul 2019 07:36:43 GMT

Hi Nicola_Caddeo

Do you get a result from TAC?Can you share me with the solution,if you still remember it.Thanks.