Johannes Norz
Posted December 28, 2023

I have a - more or less - complex n-factor flow. Users first log on using the user name and the password. Depending on several circumstances, some users have to use a RADIUS-based 2nd factor.

Now, SSO to StoreFront works fine for all users that don't use a 2nd factor, while all users with 2FA fail. They use dedicated session policies, so I tried setting the 1st factor in this session policy. It didn't work. I also tried creating a traffic policy and forcing the 1st factor to be sent to the Storefront server, but it failed as well.

If I add a 3rd factor, LDAP again, SSO works just fine. Unfortunately, users hate typing their passwords twice, so my "solution" is not what my boss likes. However, it helped me narrow down the issue. SSO always uses the last factor. Even if I use a two-password login dialogue.

What can I do? Any idea on how to use a password of a previous factor?

Thanks in advance
Johannes

Carl Stalhood
Posted December 28, 2023

Edit the Login Schema. Click More. There's a checkbox for Enable Single Sign On Credentials.

Johannes Norz (Author)
Posted December 28, 2023

2 hours ago, Carl Stalhood said: Edit the Login Schema. Click More. There's a checkbox for Enable Single Sign On Credentials.

Thanks, Carl, it was not exactly what I was looking for, but it was helpful; I didn't know about these "hidden" attributes. This one would have been right, in case I use several dialogues. But it brought me to the right article: https://support.citrix.com/article/CTX219481/sso-fails-when-nfactor-is-used-adc. Using the "credential index" in a traffic policy solved my problem.