Forum Discussion
NimbostratusExternal logon page and handling an authentication challenge.
We created an external login page that works fine if use a username/password combination. On our VPN, users are required to enter a pin that has been sent to them via SMS. Using the built in login page it works fine, you enter your login/ad password then it prompts you to enter the pin.
When I use the external page, it doesn’t work and I get:
The session reference number: 7b5d1caf Access was denied by the access policy. This may be due to a failure to meet access policy requirements. If you are an administrator, please go to Access Policy >> Reports : All Sessions page and look up the session reference number displayed above.
Any way to tell it to display that prompt, so we can enter the pin? We use RADIUS authentication.
Thank you,
Misty
1 Reply
GianricoEmployee
It look like the radius agent is assuming a "logon agent" to be present because it gets re-called to process the challenge input:
ar 13 03:25:02 bigip3 err apd[7387]: 01490000:3: ./AccessPolicyProcessor/Session.h func: "scheduleExecLastAgent()" line: 782 Msg: USession::scheduleExecLastAgent() - can not found the agent Mar 13 03:25:02 bigip3 warning apd[7387]: 01490140:4: 4b205b6f: RADIUS module: Logon agent instance is not available to be scheduled
The best thing to do is customizing the APM logon page so the look and feel is like the external page, instead of using an external logon page.
gianrico
