Jump to content
Welcome to our new Citrix community!

Citrix Netscaler (ADC) Email OTP


Tom Swift

Recommended Posts

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/email-otp.html

 

After following the above article we almost got it working, at least we think.  Before adding the email section we at least were able to enter username and password and get to an Email Registration screen.  Nothing we entered there worked.  After adding the #Email section via the CLI we just immediately get a cannot complete your request after entering username and password.  Also, does someone know if another field in Active Directory, other then userParameters can be used because we were also wanting to use NFACTOR and it uses the same field.

 

#Create OTP Virtual Server
add authentication vserver EMAIL_AUTH_VSERVER SSL 0.0.0.0
bind ssl vserver EMAIL_AUTH_VSERVER -certkeyName SSL
add authentication authnProfile EMAIL_authnprofile -authnVsName EMAIL_AUTH_VSERVER
unbind vpn vserver VirtualServer -policy LDAP_Pol
set vpn vserver VirtualServer -authnProfile EMAIL_authnprofile

bind authentication vserver EMAIL_AUTH_VSERVER -portaltheme RfWebUI
bind vpn global -userDataEncryptionKey SSL

add authentication ldapAction ldap -serverIP 192.168.20.10 -serverPort 389 -ldapBase "dc=mycorp,dc=com" -ldapBindDn ldapserviceacct@mycorp.com -ldapBindDnPassword Password987! -ldapLoginName samAccountName
add authentication Policy ldap -rule true -action ldap

add authentication ldapAction ldap_email_registration -serverIP 192.168.20.10 -serverPort 389 -ldapBase "dc=mycorp,dc=com" -ldapBindDn ldapserviceacct@mycorp.com -ldapBindDnPassword Password987! -ldapLoginName samAccountName -KBAttribute userParameters -alternateEmailAttr userParameters
add authentication Policy ldap_email_registration -rule true -action ldap_email_registration

add authentication loginSchema onlyEmailRegistration -authenticationSchema /nsconfig/loginschema/LoginSchema/AltEmailRegister.xml
add authentication policylabel email_Registration_factor -loginSchema onlyEmailRegistration
bind authentication policylabel email_Registration_factor -policyName ldap_email_registration -priority 1 -gotoPriorityExpression NEXT

bind authentication vserver EMAIL_AUTH_VSERVER policy ldap -priority 1 -nextFactor email_Registration_factor -gotoPriorityExpression NEXT

#EMAIL
add authentication emailAction email -userName mailbox@mycorp.com -password Password987! -encryptmethod ENCMTHD_3 -serverURL "smtps://smtp.office365.com:25" -content "OTP is $code" -defaultAuthenticationGroup emailgrp -emailAddress "aaa.user.attribute(\"alternate_mail\")"
add authentication Policy email -rule true -action email

add authentication policylabel email_Validation_factor
bind authentication policylabel email_Validation_factor -policyName email -priority 1 -gotoPriorityExpression NEXT

bind authentication vserver EMAIL_AUTH_VSERVER -policy ldap -priority 1 -nextFactor email_Validation_factor -gotoPriorityExpression NEXT

EmailOTP.jpg

Link to comment
Share on other sites

  • 6 months later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...