Posted

Hello to all, 

I am currently implementing a two-factor auth for the Citrix Gateway via OTP. 

Everything is working great, I am just optimizing it. I would like to move the second factor to a separate page. 
 

For tests, the second factor should only be displayed if the user is in a certain group; if he is not in this group, the next page should be skipped. 

I would do this via `AAA.USER.IS_MEMBER_OF("otp-example-groupe")` in the authentication policy.

However, I need the passcode page separately for this.

I just don't know how I can implement this as a login scheme.


 

My idea:

login.exampletest.com 


Display 
Username: 
Password:

OK

Next page:


Passcode:

Login

I would be happy to receive tips :) 

Posted

Hi, here you are able to copy some things of the script + pre-defined loginschema XMLs. I'm a fan of doing first Username-Only -> Next (Group Extraction in Background) followed by two different Loginschemas - Password Only or Password + OTP. Username is prefilled from previous factor in read-only so you can't manipulate that.

 

Hope that helps!

Best Regards

Julian
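
The group-based branch discussed in this thread, written out as a Citrix ADC CLI sketch for the page order in the question (username and password first, then a separate passcode page only for group members). This is an added example, not configuration from either poster; the object names and the pre-existing policies `pol_ldap` and `pol_otp_verify` and the vserver `aaa_vs` are assumptions.

```text
# Added example. Assumed to exist already (placeholder names):
#   aaa_vs          authentication vserver used by the Gateway
#   pol_ldap        LDAP policy that authenticates and extracts groups
#   pol_otp_verify  policy that validates the passcode against the OTP backend

# Factor 1: username + password page (stock schema file).
add authentication loginSchema ls_userpass -authenticationSchema "/nsconfig/loginschema/LoginSchema/SingleAuth.xml"
add authentication loginSchemaPolicy lsp_userpass -rule true -action ls_userpass
bind authentication vserver aaa_vs -policy lsp_userpass -priority 10 -gotoPriorityExpression END

# Factor 3: the separate passcode page. OnlyPassword.xml is a stock
# single-field schema; its label reads "Password" unless a copy is edited.
add authentication loginSchema ls_passcode -authenticationSchema "/nsconfig/loginschema/LoginSchema/OnlyPassword.xml"
add authentication policylabel pl_otp -loginSchema ls_passcode
bind authentication policylabel pl_otp -policyName pol_otp_verify -priority 10 -gotoPriorityExpression END

# Factor 2: decision factor with no UI (LSCHEMA_INT), so nothing is shown
# to the user while the group check runs. NO_AUTHN only evaluates the rule.
add authentication Policy pol_in_otp_group -rule "AAA.USER.IS_MEMBER_OF(\"otp-example-groupe\")" -action NO_AUTHN
add authentication Policy pol_skip_otp -rule true -action NO_AUTHN
add authentication policylabel pl_group_check -loginSchema LSCHEMA_INT

# Members of the group continue to the passcode page ...
bind authentication policylabel pl_group_check -policyName pol_in_otp_group -priority 10 -gotoPriorityExpression NEXT -nextFactor pl_otp
# ... everyone else finishes here without a second factor (test phase only).
bind authentication policylabel pl_group_check -policyName pol_skip_otp -priority 20 -gotoPriorityExpression END

# Chain: LDAP succeeds -> group check -> (optional) passcode page.
bind authentication vserver aaa_vs -policy pol_ldap -priority 10 -nextFactor pl_group_check -gotoPriorityExpression NEXT
```

While `pol_skip_otp` is bound, group membership is the only thing that enforces the second factor, so removing that binding is the step that makes OTP mandatory once testing ends.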
