Forum Discussion
draco_184361
Nimbostratus
NimbostratusCitrix Receiver via accessing with 2fa not RSA radius server
Dear All
We have a scenario where the user logs in via citrix receiver which is hosted via f5 , we have enabled AD auth through apm and all is working fine.
But now we need to add 2fa .It is not RSA but a radius server. We did it for if the user logs in via web browser and everything is working fine.We tested it out . But when we do the same flow for if the user uses citrix receiver to access , then its giving wrong credentials.
We gave in VPE
Radius AUTH->AD auth and SSO and still its not working.if we put in the AD auth and then RADIUS AUTH , then the radius server doesn't get any hits.So we put as RADIUS AUTH then AD AUTH .it hits radius server and we can see radius is sending an accept-accept response as well but yet the credentials is not getting authenticated.
We have been at it for a while now and its getting frustrating.I dnno what more to do.I tried using variable assign for username and password as well , so that its info is passed on for AD auth bu under event system access logs, it keeps giving pre authentication has failed.
PLEASE LET ME KNOW WHAT TO DO .
Thank you
Yann_Desmarest_Nacreous
Hello,
How is your citrix receiver configured ? username/password or username/password/passcode ?
Is it Citrix Receiver for Windows ? Which version of BIG-IP are you running ?
Citrix Receiver for IOS support natively 2-factor authentication but for Windows, you need to be in 11.6.0 HF4 at least and there is a special variable to add in the vpe :
We used variable assign agent with "session.citrix.client_auth_type = expr {"1"}" in front of Logon Page agent. All Receivers can detect two-factor auth in Storefront proxy mode.
draco_184361In the vpe, we have first given to check which type of client request is coming from, the client type if checked citrix reciever , we gave citrx logon prompt , in that we gave two factor mode type. So in logon page , its username ,password and passcode.. Its for windows,ipad as well. Ok so there is required of firmware version for it to work with windows. Hmm.. But what is the flow u give in vpe ?we ll try to make it work in ios atleast then..- Bonh_155404Hi all Thanks for this post, it has been very useful. I have a question: once you enable Citrix Authentication Type=two-factor and the use enter the passcode in Citrix Receiver, what is the variable to use for retrieving the passcode value in VPE? Thanks Bonh
Yann_DesmarestCirrus
Hello,
How is your citrix receiver configured ? username/password or username/password/passcode ?
Is it Citrix Receiver for Windows ? Which version of BIG-IP are you running ?
Citrix Receiver for IOS support natively 2-factor authentication but for Windows, you need to be in 11.6.0 HF4 at least and there is a special variable to add in the vpe :
We used variable assign agent with "session.citrix.client_auth_type = expr {"1"}" in front of Logon Page agent. All Receivers can detect two-factor auth in Storefront proxy mode.
- draco_184361In the vpe, we have first given to check which type of client request is coming from, the client type if checked citrix reciever , we gave citrx logon prompt , in that we gave two factor mode type. So in logon page , its username ,password and passcode.. Its for windows,ipad as well. Ok so there is required of firmware version for it to work with windows. Hmm.. But what is the flow u give in vpe ?we ll try to make it work in ios atleast then..
- Bonh_155404Hi all Thanks for this post, it has been very useful. I have a question: once you enable Citrix Authentication Type=two-factor and the use enter the passcode in Citrix Receiver, what is the variable to use for retrieving the passcode value in VPE? Thanks Bonh
- Parag_Parab
Employee
I am facing the exact same isssue, did you manage to get the issue resolved ?
