Users receive VIP Access Push notifications when wrong LDAP credentials are used
Article ID: 176571
Updated On:
Products
VIP Service
Issue/Introduction
When a validation server is configured to use VIP Access Push feature and administrator has chosen to perform VIP Authentication first instead of LDAP Authentication (User Name-Security Code-Password mode), then end users may observe the following behaviors:
- Users may receive VIP Access Push notifications even when wrong LDAP password is entered.
- Validation server may reject the user from authenticating to remote device even if user has approved the VIP Access Push notification.
- Spam notifications are received on user’s device when an unauthorized person is trying to authenticate on behalf of the user.
Cause
In the above configuration, validation server will always perform VIP Authentication first irrespective of the validity of the LDAP credential, even when the authenticating user has a valid VIP Access Push credential in place.
Resolution
The Validation Server can be edited to change the authentication order.
Note: VIP authentication protects the user from spam notifications by limiting the number of unattended notification sessions to five. Any further notifications to this device will be blocked for the next one hour. Users can still successfully authenticate by entering the security code followed by LDAP Password.
Feedback
Yes
No
Powered by
