YubiKey RADIUS Authentication for Oracle Database

amiguel · ‎02-02-2023

I am protecting an Oracle Database through RADIUS authentication using the DUO Auth Proxy. Everything is working as expected using DUO push, or the 6 digit passcode. However, we now have a use case to use YubiKey and this seems to not work. Any thoughts and recommendation how I can get this factor to work? We tried generating a code by capturing it through a notepad/textpad, copying that YubiKey generated (very long alpha/numeric) code and using as the passcode. That did not work.

Thank you.
Aurelio

DuoKristina · ‎02-06-2023

Is there an error message in either the online Authentication Log in the Admin Panel or in the Authentication Proxy’s local log that gives a reason for not accepting the YubiKey OTP?

You did import the YubiKey OTP token as a hardware token to assign to the user performing the test? If a user enrolls a YubiKey that supports both FIDO2 and OTP as a Duo WebAuthn security key it still needs to be imported separately for OTP use.

Does the effective authentication methods policy for the RADIUS application and given user permit use of hardware tokens?

If all those have been checked, is it possible the authenticating RADIUS device or application restricts the length of the user-password attribute (not RFC 2865 compliant) so it can’t accommodate the 44-char YubiKey OTP??

Duo, not DUO.