n-factor flow and SSOn

Johannes Norz

I have a - more or less - complex n-factor flow. Users first log on using the user name and the password. Depending on several circumstances, some users have to use a RADIUS-based 2nd factor.


Now, SSO to StoreFront works fine for all users that don't use a 2nd factor, while all users with 2FA fail. They use dedicated session policies, so I tried setting 1st factor in this session policy. It didn't work. I also tried creating a traffic policy and forcing the 1st factor to be sent to the StoreFront server, but it failed as well. If I add a 3rd factor, LDAP again, SSO works just fine.


Unfortunately, users hate typing their passwords twice, so my "solution" is not what my boss likes. However, it helped me narrow down the issue. SSO always uses the last factor, even if I use a two-password login dialogue. What can I do? Any idea on how to use a password of a previous factor?


Thanks in advance



2 hours ago, Carl Stalhood1709151912 said:

Edit the Login Schema. Click More. There's a checkbox for Enable Single Sign On Credentials.



Thanks, Carl. It was not exactly what I was looking for, but it was helpful; I didn't know about these "hidden" attributes. This one would have been right in case I used several dialogues. But it brought me to the right article: https://support.citrix.com/article/CTX219481/sso-fails-when-nfactor-is-used-adc. Using the "credential index" in a traffic policy solved my problem.
