
nFactor password 1st radius 2nd on different pages



Hi,

I'm playing around with nFactor. I have a customer that uses SMS codes as second factor.

What I'm trying to achieve with nFactor is that the username/password is entered on the first page, then RADIUS is queried and the SMS arrives on the phone. The second page only contains the box for the SMS code.

Is this possible with nFactor? And does anybody have some guidance on what I should do? Normally I customize the .js files, however in this case that results in RADIUS saying "incorrect tokencode, enter tokencode", which is not really nice. And it's an unsupported customization. I would like to do it with supported nFactor :-) if possible.

Hope somebody has played around with it already.

Kind regards,

Mark


Hi Mark,

I just finished an implementation similar to yours.

First LDAP and afterward SMS authentication via RADIUS.

In my case, the RADIUS server was expecting to receive a request that contains username/AD password in order to validate and send the SMS.

I have created 2 policy labels, with 2 login schemas associated:

The first one was LDAP, using an XML schema based on the schema login-2-passwd.xml that can be found on the Citrix web site, second polic

The second was RADIUS, using noschema. This schema just sent the same authentication as the previous one.

In the AAA Server, just link an Advanced Policy based on the LDAP Policy. The Policy was configured to have RADIUS as second next factor.

This is working as expected.

Luc
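
The layout described in the reply above, sketched as NetScaler CLI. This is an added example, not part of the original post and not Luc's actual configuration; all object names, the 192.0.2.x addresses, the `<...>` placeholders, the existing AAA vserver `aaa_vs` and the use of the stock SingleAuth.xml schema for the first page are assumptions.

```netscaler
# Added sketch, not the poster's configuration. Names, addresses, secrets and
# the SingleAuth.xml schema path are assumptions / placeholders.

# Factor 1 back end: LDAP (LDAPS so the bind password is not sent in clear text)
add authentication ldapAction ldap_act -serverIP 192.0.2.10 -serverPort 636 -secType SSL -ldapBase "dc=example,dc=com" -ldapBindDn "svc-ns@example.com" -ldapBindDnPassword <BIND_PASSWORD> -ldapLoginName sAMAccountName
add authentication Policy ldap_pol -rule true -action ldap_act

# Factor 2 back end: the RADIUS server that validates the password and sends the SMS
add authentication radiusAction radius_act -serverIP 192.0.2.20 -serverPort 1812 -radKey <SHARED_SECRET>
add authentication Policy radius_pol -rule true -action radius_act

# Page 1: login schema with a username field and a single password field
add authentication loginSchema ls_userpass -authenticationSchema "/nsconfig/loginschema/LoginSchema/SingleAuth.xml"
add authentication loginSchemaPolicy lsp_userpass -rule true -action ls_userpass

# Factor 2 policy label with the built-in "noschema" (LSCHEMA_INT): no new form
# is shown, the credentials collected on page 1 are reused for the RADIUS request
add authentication policylabel radius_label -loginSchema LSCHEMA_INT
bind authentication policylabel radius_label -policyName radius_pol -priority 100 -gotoPriorityExpression END

# AAA vserver (assumed to exist): show page 1, run LDAP, then chain to RADIUS
bind authentication vserver aaa_vs -policy lsp_userpass -priority 100 -gotoPriorityExpression END
bind authentication vserver aaa_vs -policy ldap_pol -priority 100 -nextFactor radius_label -gotoPriorityExpression NEXT
```

`show authentication vserver aaa_vs` lists the bound policies and their next factors, which is a quick way to confirm that only the LDAP policy is bound directly and RADIUS is reached through the label.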


Hi Luc,

Thanks! And good to hear it can work with nFactor. Did you modify the login-2-passwd.xml file or just use the default one?

How did you configure your advanced authentication policies? Did you create 2, but only bind the LDAP policy with RADIUS as next factor?

Is it possible for you to share this part of your config?

Thanks in advance!

Kind regards,

Mark


Hi Luc,

I'm curious about your config. I'm running into 2 errors.

1) RADIUS is expecting a challenge before it sends the SMS. I'm struggling a little with how to configure this.

2) I noticed (but it can be a one-time error) that Login Schemas break traffic policies. I noticed that authenticating with OWA SSO stopped working, and also the traffic policy that destroys the session cookie.

Kind regards,

Mark


  • 3 years later...
  • 7 months later...

Hi!

This topic is still important for SMS or email push over RADIUS, e.g. Gemalto SAS SMS Token. It is desired that the first factor is an LDAP advanced policy and the next factor only a RADIUS policy label with RADIUS and noschema to initiate push / challenge-response. The proposed scheme has three fields, and in my tests username and password were not filled in from the authentication policy. Is there any other solution?

Thanks, regards
