Skip to main content
Michael_McDonnell
Michael_McDonnell
New Member
April 9, 2016
Question

Yubikey in FAC 4.1?

  • April 9, 2016
  • 1 reply
  • 13538 views

While exploring FAC 4.1 I just noticed a greyed-out "Yubikey" drop-down menu on the Authentication > User Management > Local Users screen.  Attached is a screenshot with the Yubikey button on the far right side.

 

I do not see a reference to Yubikey support in the new Admin Guide or the release notes. 

 

Is this new to FAC 4.1?

In what way can Yubikey be used with FAC?

Is there FIDO support?

 

    1 reply

    Carl_Windsor_FTNT
    Staff
    Carl_Windsor_FTNT
    Staff
    April 11, 2016

    This was a special build which was merged into FAC 4.1 at the latter stages and missed being documented.  I will get this rectified ASAP.

     

    FortiAuthenticator supports Yubikey USB tokens in OATH-HOTP (Event token) mode.  To import the token seeds into FAC you must create a configuration_log.csv file in Traditional Mode Log Format using the Yubikey Personalization Tool and program the token appropriately.  To use this feature on FAC you must first enable the third party token via https://<FAC_IP>/debug/thirdparty.

     

    Daniel__
    Daniel__
    New Member
    September 22, 2017

    Hey so this is a massively old post but I just recently realised the Yubikey is supposed to be supported as a third party, there is still no documentation regarding this at all and following up on your reply Carl, I can import my tokens, I can synchronise them but when I attempt the auth it fails:

     

    Message Remote LDAP user authentication with FortiToken failed: invalid token
    Name Authentication Failed Bad Token
    Description Authentication failed, bad token code

    I have obviously set up the user in question with this specific token, it just does not work :)

     

    any help would be appreciated

     

     

    Carl Windsor wrote:

    This was a special build which was merged into FAC 4.1 at the latter stages and missed being documented.  I will get this rectified ASAP.

     

    FortiAuthenticator supports Yubikey USB tokens in OATH-HOTP (Event token) mode.  To import the token seeds into FAC you must create a configuration_log.csv file in Traditional Mode Log Format using the Yubikey Personalization Tool and program the token appropriately.  To use this feature on FAC you must first enable the third party token via https://<FAC_IP>/debug/thirdparty.

     

     

    Carl_Windsor_FTNT
    Staff
    Carl_Windsor_FTNT
    Staff
    September 22, 2017

    It was a while ago and I have switch to a new set of products.  Let me ask the new product manager to take a look.

    Terms & ConditionsAccessibility statement