prasenjitmass Respected Contributor.

User is not authenticating When AA get integrated to PAM

Hi,
We are using PAM 3.2 (OS Linux). Added an Account domain (AD) in the credential vault. Users of the Authentication domain can also access through pam/myaccess. But after integrating Advanced Authentication with PAM, those users could not be authenticated through myaccess.
The configuration and integration steps are as follows:
1) What was done at the AA server end:
Created a repository with the same name as the one mentioned in the PAM Enterprise Credential Vault.
We are using the Email OTP method.
Included that method in a newly created chain.
An event has also been created.
And the endpoint got created when we mentioned it at the PAM end.

2) What was done at the PAM server end:
In Framework User Manager "AA Configuration", the AA server details are mentioned:
AA server Address Name : ip
Name : endpoint name
Domain: repository name
Event: event name

In Framework User Manager Account Setting, secondary authentication is also selected.

But after the AA integration, users could not be authenticated. The error given is "Invalid user name or password".

Can anyone tell me what I've done wrong?

Thank you
prasenjitmass Respected Contributor.

Re: User is not authenticating When AA get integrated to PAM

Hi,
Can anyone help me in this regard?
prasenjitmass Respected Contributor.

Re: User is not authenticating When AA get integrated to PAM

Hi,
Can anyone please help me to solve this issue?
Micro Focus Expert

Re: User is not authenticating When AA get integrated to PAM

Are these Local Framework users you are attempting to add to AA for 2FA?

The following worked for me in this case from AA:
- REPOSITORIES: Make sure the local user(s) are created in the "LOCAL" Repository on AA
- EVENTS: Verify the 2FA chain(s) are added to the Event that was created (From "Available" -> "Used" column).
- EVENTS: Also make sure the PAM-AA Endpoint is moved into "Used" for the "Endpoints whitelist".
- AA: Logged in as User into AA in order to configure the appropriate 2FA Method (i.e. TOTP).

Then, one important thing I noticed: it would only allow me to log in with the password configured in PAM for the user, but would then present the 2FA options for the user I had configured.
I was able to log in with a local framework user's password in PAM and then validate the 2FA device from AAF.

Hopefully the above helps your situation here.