Pulse Secure w/ 2FA
Hi ...
I have a Pulse Secure connection that I am trying to automate and having some difficulty with.
I've tried using the Juniper Junos Pulse VPN module, but it doesn't appear to be doing anything.
Is there a way to run a log or trace on it, to see what happens ? As I don't get a command line window pop-up like I normally would see from Cisco.
Also .. this VPN is using a 2FA mode that I have not had before.
The initial login is the AD creds, then for 2FA I have another username challenge with the OTP password to enter.
I know I can provide an OTP after connection, but I don't believe I can provide a username.
Any ideas ? I guess it could be done with a typing macro, but I am trying to get past issue #1 before I get to this part also.
Any help will be welcome.
All Comments (6)
Hello,
Thank you for reaching out to us regarding this,
I have a few questions which you can hopefully answer.
- Which version of RDM are you using?
- Which type of data source are you using?
I’m also wondering if this was working for you previously, from my understanding RDM is using command lines to launch the VPN externally are you able to do so outside RDM?
Let me know,
Best regards,
Samuel Dery
Hi ..
Totally new connection type, trying to automate something I have to do manually right now with the Pulse Secure client in Windows.
It's a real PITA to have to login and then login again, especially as I have to copy-paste from the 2FA app after the login.
RDM version is the latest ( 2022.3.30.0 ), DataSource is SQL Lite.
Ideally .. I would like to be able to see what this Pulse Secure module is doing, so I can troubleshoot like I have done with Cisco in the past.
Then I can try and understand how to make the secondary login work, with your help.
OK .. An update ..
I managed to get through the initial connection using Pulse Secure.
I found that it didn't have the correct path to the executable and I figured out what the 'realm' was from some internet help (clue: it's normally your domain name).
So .. now I am at the second problem ..
Once it gets through the first authentication challenge, I get a new screen pop-up asking for the 2FA user & the OTP.
I know how to input an OTP challenge at the start of the VPN session, but there is obviously nothing about a user.
Plus .. I don't think this can be put on the command line .. and I think it comes in via a separate window.
Therefore .. would a typing macro be good here ?
And if so .. how do I get RDM to select the window and do the correct TAB etc keys with the OTP ?
Thanks
Hello Ivan,
Thank you for your reply,
I see, could you provide me with a screenshot of your current configuration? You can blur or remove any sensitive information.
Indeed, if it's not possible to achieve this via command line then RDM would face the same limitation in this case, a typing macro may be worth a try.
After launching once the prompt for credentials appear I believe it should be automatically in focus since it is the latest window to open, you can simply add an "Initial Wait" in the "After Open - Macro" section to make sure this window is open when the typing macro is sent.
We have the following documentation regarding typing macros:
https://kb.devolutions.net/rdm_event_auto_typing_macro.html
Let me know if this helps,
Best regards,
Samuel Dery
OK .. But I am not finding the OTP value in the variable list.
I know where to set RDM to prompt for the OTP, but how do I call that value in the typing macro ? ( $OTP$ ? )
And where can I set a variable for the username to use, as the one it uses on the initial connection is not the same.
Hello,
I see, in this case, the variable for the OTP would be $ONE_TIME_PASSWORD$.
For the second username, I'm not sure a variable would be needed for this would simply adding the username in the typing macro not work?
From my understanding the typing macro would be something like this:
Username {TAB} $ONE_TIME_PASSWORD$
Let me know if this helps,
Best regards,
Samuel Dery