ESP Login behaviour 2fa radius backend

0

Hi, I'm wondering why Kemp acts the way it does in the following scenario. 

Setup:

I have ESP set up to authenticate to a RADIUS that offers challenge response authentication.
The user first passes his user credentials, his password, if this validates, he passes his token.


Behavior:

The users signs in to kemp, he validates his user/password and then his token. Validation is OK. 
The user closed the page, clears his cookies and closes his browser. 
The user starts the browser (right away) and logs in to kemp. Kemp asks for a username/password, but not his token. Kemp does not contact the RADIUS server. 

How exactly does Kemp remembers that this user was validated already?
Can I change this behavior to make sure the user needs to enter the token again? 

(I'm assuming this is the session timeout value, but I don't understand why the username/password needs to be passed, while not the token)

2 comments

Avatar
0
jb

This is now confirmed by Kemp as a bug. If/when this gets fixed, I'll add a note here. 

Avatar
0
jb

This was fixed by kemp starting with Loadmaster version 7.2.43