Tom Swift

Recently attempted to deploy Citrix Secure Private access using 2402 LTSR in our on-prem environment. Everything appears to have been configured correctly, but we are not seeing the test application enumerate in Storefront when we sign in. Please find attached a screenshot of our Storefront server Delivery controller settings. It appears to be pretty simple. Have a delivery controller for "Secure Private Access" that points to our configured SPA server. Yet the behavior is as if it is not getting and information from the SPA server. Any tips someone that's gotten this to work would be greatly appreciated.

https://docs.citrix.com/en-us/citrix-adc/current-release/aaa-tm/authentication-methods/email-otp.html After following the above article we almost got it working, at least we think. Before adding the email section we at least were able to enter username and password and get to an Email Registration screen. Nothing we entered there worked. After adding the #Email section via the CLI we just immediately get a cannot complete your request after entering username and password. Also, does someone know if another field in Active Directory, other then userParameters can be used because we were also wanting to use NFACTOR and it uses the same field. #Create OTP Virtual Server add authentication vserver EMAIL_AUTH_VSERVER SSL 0.0.0.0 bind ssl vserver EMAIL_AUTH_VSERVER -certkeyName SSL add authentication authnProfile EMAIL_authnprofile -authnVsName EMAIL_AUTH_VSERVER unbind vpn vserver VirtualServer -policy LDAP_Pol set vpn vserver VirtualServer -authnProfile EMAIL_authnprofile bind authentication vserver EMAIL_AUTH_VSERVER -portaltheme RfWebUI bind vpn global -userDataEncryptionKey SSL add authentication ldapAction ldap -serverIP 192.168.20.10 -serverPort 389 -ldapBase "dc=mycorp,dc=com" -ldapBindDn ldapserviceacct@mycorp.com -ldapBindDnPassword Password987! -ldapLoginName samAccountName add authentication Policy ldap -rule true -action ldap add authentication ldapAction ldap_email_registration -serverIP 192.168.20.10 -serverPort 389 -ldapBase "dc=mycorp,dc=com" -ldapBindDn ldapserviceacct@mycorp.com -ldapBindDnPassword Password987! -ldapLoginName samAccountName -KBAttribute userParameters -alternateEmailAttr userParameters add authentication Policy ldap_email_registration -rule true -action ldap_email_registration add authentication loginSchema onlyEmailRegistration -authenticationSchema /nsconfig/loginschema/LoginSchema/AltEmailRegister.xml add authentication policylabel email_Registration_factor -loginSchema onlyEmailRegistration bind authentication policylabel email_Registration_factor -policyName ldap_email_registration -priority 1 -gotoPriorityExpression NEXT bind authentication vserver EMAIL_AUTH_VSERVER policy ldap -priority 1 -nextFactor email_Registration_factor -gotoPriorityExpression NEXT #EMAIL add authentication emailAction email -userName mailbox@mycorp.com -password Password987! -encryptmethod ENCMTHD_3 -serverURL "smtps://smtp.office365.com:25" -content "OTP is $code" -defaultAuthenticationGroup emailgrp -emailAddress "aaa.user.attribute(\"alternate_mail\")" add authentication Policy email -rule true -action email add authentication policylabel email_Validation_factor bind authentication policylabel email_Validation_factor -policyName email -priority 1 -gotoPriorityExpression NEXT bind authentication vserver EMAIL_AUTH_VSERVER -policy ldap -priority 1 -nextFactor email_Validation_factor -gotoPriorityExpression NEXT