Pulse Connect Secure

Introduction

The purpose of this document is to provide a configuration guideline on how to implement Mideye two-factor authentication for Pulse Connect Secure.

Requirements

A Mideye Server (any release). If there is a firewall between the Pulse Connect Secure and the Mideye Server, it must be open for two-way RADIUS traffic (UDP, standard port 1812). Pulse Connect Secure acts as a RADIUS client towards the Mideye Server. Hence, the Pulse Connect Secure must be defined as a RADIUS client on the Mideye Server. Refer to the Configuration guide for information on how to define a new RADIUS client.

Prerequisites

This guide requires an already functioning Pulse Connect Secure environment.

Integration steps

Log in to Pulse Connect Secure using the admin page https://FQDN/admin.

Create a new authentication server

Navigate to “Authentication” followed by “Auth.Servers”. Select “RADIUS Server” in the dropdown list and select “New Server…”

Name: Give the authentication server a friendly name.
NAS-Identifier: Leave blank.
RADIUS Server: Enter the IP or hostname of the Mideye Radius Server.
Authentication port: Default value is UDP/1812.
Shared Secret: Enter a shared secret. It must be identical on Pulse Connect Secure and on the RADIUS client defined on the Mideye Server.
Accounting: Leave as default.
Timeout: Set the timeout to 35 seconds. This is mandatory, so that any fallback method has enough time to finish before timing out.
Retries: Set to 0.

Configuration of RADIUS server

Under “Custom Radius Rules”, click “New RADIUS Rule.”

Name: Name the rule “Access Reject”
Response Packet Type: Access Reject
Attribute criteria: Radius Attribute; Reply-Message (18), matches the expression; Add (.*) to value field; Click “Add”.

Select “Show user login page with error message” –> “Show Reply-Messages attribute from the RADIUS server to the user”

Click “Save Changes”.

Create Custom Access Reject Radius Rule

Again, click “New RADIUS Rule”

Name: Name the rule “Access Challenge”
Response Packet Type: Access Challenge
Attribute criteria: Radius Attribute; Reply-Message (18), matches the expression; Add (.*) to value field; Click “Add”.

Select “Show Generic Login page”

Click “Save Changes”.

Create Custom Challenge Radius Rule

The end result should look like the picture above.

Click “Save changes” to save the authentication server.

Apply the authentication server to a user realm

Navigate to “Users” –> “User realm” and select the realm that should be protected using Mideye authentication. Add the created RADIUS server and click “Save Changes”.
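The two custom rules above key on the response packet type and on the Reply-Message (18) attribute. The following is an added example, not part of the original guide or of Mideye or Pulse Secure code: it decodes a RADIUS reply per RFC 2865, verifies the Response Authenticator against the shared secret, and reports which of the two rules would apply. The sample packet, secret and message text are constructed, and the rule-matching logic is an assumption stated in the code.

```python
import hashlib
import hmac
import struct

REPLY_MESSAGE = 18  # attribute both custom rules match on
# RADIUS code -> (packet type, name of the rule this guide creates for it)
CODES = {2: ("Access-Accept", None), 3: ("Access-Reject", "Access Reject"),
         11: ("Access-Challenge", "Access Challenge")}

def parse_reply(packet: bytes, request_auth: bytes, secret: bytes) -> dict:
    """Decode a RADIUS reply (RFC 2865) and check its Response Authenticator."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if not 20 <= length <= len(packet):
        raise ValueError("length field does not fit the packet")
    attrs = packet[20:length]  # bytes after the declared length are padding
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    messages, pos = [], 0
    while pos < len(attrs):
        if pos + 2 > len(attrs) or attrs[pos + 1] < 2 or pos + attrs[pos + 1] > len(attrs):
            raise ValueError("malformed attribute")
        a_type, a_len = attrs[pos], attrs[pos + 1]
        if a_type == REPLY_MESSAGE:
            messages.append(attrs[pos + 2:pos + a_len].decode("utf-8", "replace"))
        pos += a_len
    name, rule = CODES.get(code, (f"code {code}", None))
    return {
        "type": name,
        "id": ident,
        "authenticator_ok": hmac.compare_digest(expected, packet[4:20]),
        "reply_messages": messages,
        # Assumption: "(.*)" matches any value, so a rule applies whenever
        # the packet type fits and a Reply-Message attribute is present.
        "rule": rule if messages else None,
    }

def build_reply(code, ident, request_auth, secret, text):
    """Build a constructed reply for the demo; this is not captured traffic."""
    attr = bytes([REPLY_MESSAGE, len(text) + 2]) + text
    head = struct.pack("!BBH", code, ident, 20 + len(attr))
    auth = hashlib.md5(head + request_auth + attr + secret).digest()
    return head + auth + attr

if __name__ == "__main__":
    req_auth = bytes(range(16))  # constructed Request Authenticator
    pkt = build_reply(11, 7, req_auth, b"example-secret", b"Enter OTP")
    print(parse_reply(pkt, req_auth, b"example-secret"))
```

An `authenticator_ok` value of `False` on a real reply means the secret used for the check differs from the one the server signed with, which points at a shared-secret mismatch between the two sides.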

Troubleshooting

Check RADIUS-logs

Check if anything is written to the Mideye RADIUS logs:

Mideye Server\log\radius-messages.log

If nothing is logged, verify that UDP/1812 is allowed between your Pulse Connect Secure and the Mideye Server.

Contact Mideye support

For further support please contact Mideye support, support@mideye.com, +46854514750.