cancel
Showing results for 
Search instead for 
Did you mean: 
Post a Question

Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

Hi,

I'd like to configure the DynamicID authentication in SSL VPN in order to configure the 2FA in a R77.30 environment

I already configured the Mobile Access blade and I have already some native applications pubblished. Users are able to reach the portal and to log in by using the first factor.

Based on the documentatio, in order to configure the 2FA, i have to type the URL of my SMS provider in Authentication tab.

All variables of the request (credentials of SMS Provider, text of the message and cellphone) must be included int the URL. Ex:

https://gateway.test.com/SMs?user=$USER&password=$PASSWORD&text=$TEXT&phone=$PHONE

Unfortuntately, the sms provider  that I'm trying to use, needs to receive the credentials in the HEADER or the request. For  this reason, I'm not able to configure it.

Do you know if it's possible to modify the Header of the HTTP POST call done by the Gateway when it tries to comunicate with the SMS Provider?

I only need to  add user and password.

Or is there a feasible alternative to interact with that SMS Provider?

Thanks for your attention.

3 Replies
ED
Silver

Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

Hi,

First find the format that your SMS provider accepts and do a simple test by opening a web browser and run the https request from there. If you recieve an SMS then it's ok. (Run with real values for username, password, text and phone...)

Try to use that format in Check Point and substitute your real values for user and password with $USERNAME and $PASSWORD that Check Point will insert from your SMS provider account credentials. Also substitute the other values with $PHONE, $MESSAGE. The phone value will be recieved from your AD field PhoneNumberAttr.

You can also try to send SMS $CVPNDIR/bin/sendsms from your gateway. Take a look at the script sendsms by opening it in vi for a deeper look at how it works. 

(R80.10)

Re: Configuring 2FA with DynamycID in R77.30 - HTTP Post request to SMS Provider

HI Enis,

thank you for the information.

I will take a look on the script.

My issue is that the SMS Provider didn't accept the username and  password urlencoded. So I can't use the URL by inserting  ?username=$USER&password=$PASSWORD.

For this reason any attempts wth username and password in the URL is not authorized (I got HTTP Status 401:Anonymous authentication is not allowed). It expects that I provide the password and username values in the header of the request

0 Kudos

Re: Configuring 2FA with DynamycID in R77.30  - HTTP Post request to SMS Provider

HI,

just for your information.

I took a look to the sendsms script within CVPNDIR/bin/sendsms

The request to the SMS gateway is invoked  by a simple "curl" with the argument received by the Dashboard (Mobile Access -> Authentication)

So i  found the right call to invoke the sms gateway by using curl and by adding parameters like -h (headers) and --user for the authentication.

Now i need to adapt my call with the  checnpoint sendsms script. For this reason i  opened a service request by reporing my curl call .

I hope the support will provide me a valid way to support me.

Bye

0 Kudos