06-May-2016 05:28
Hi, we have deployed Citrix VIPs using the iApp template (f5.citrix_vdi.v2.3.0) with an APM policy.
But if I add RADIUS authentication (SMS auth provider) after AD authentication and before SSO credentials mapping, the SSO stops working. Can it be related to the redirect to the page waiting for the token for RADIUS authentication, so that the POST with credentials sent to the servers is not working correctly? When I remove the RADIUS box from the visual policy editor, SSO works fine again.
Thanks for any tip, Zdenek
06-May-2016 07:06
Hello,
If you are using Wyse terminals or Receiver clients, I think that SMS authentication is not supported by the client side.
But when you access your Citrix apps using the webtop, it should work. Pay attention that the session.logon.last.username variable will be used by the RADIUS auth. So you need to save the username in an extra variable before RADIUS auth occurs (e.g. session.logon.last.username1) and change the SSO Credential Mapping username to fit that change.
09-May-2016 05:08
06-May-2016 07:08
The APM policies for SecurID and RADIUS look similar; you would have to change the logon pages and authentication objects to use a RADIUS server AAA object rather than SecurID. The manual configuration section of the deployment guide lists the various APM policies created by the iApp (beginning on page 62) if you would like to try the setup manually. I would suggest running the iApp using the SecurID two-factor option and then modifying the noted portions to use a RADIUS AAA profile rather than SecurID.
09-May-2016 05:56
Resolved.
I had RADIUS auth just after AD auth, and RADIUS authentication rewrote the session.logon.last.password variable. So I saved it to session.logon.last.password1 before RADIUS was called, and when RADIUS auth is done, I restore the saved value back to session.logon.last.password so SSO can use the correct password. Maybe there is a more elegant version, but this works, so I am happy :).
09-May-2016 07:14 - last edited on 04-Jun-2023 17:37 by JimmyPackets
Hi,
Radius auth does not rewrite password, it requires password to be stored in session.logon.last.password.
It seems that your VPE tree is:
Logon (User / AD password) --> AD Auth --> Logon (SMS password) --> Radius Auth --> SSO Credential mapping
It is the second logon page which replaces the password.
You can change box order to put SSO credential mapping before Radius Auth:
Logon (User / AD password) --> AD Auth --> SSO Credential mapping --> Logon (SMS password) --> Radius Auth
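An added illustration, not part of the original thread and not F5 code: a simplified Python model of the session variables as they pass through the three policy orderings discussed above. The credentials are constructed sample values, and it is assumed that SSO Credential Mapping copies session.logon.last.* into session.sso.token.last.*.

```python
# Simplified model of APM session variables moving through VPE boxes.
# All credentials below are constructed sample values.
USER, AD_PASSWORD, SMS_TOKEN = "jdoe", "ad-secret", "492817"
LAST_USER = "session.logon.last.username"
LAST_PASS = "session.logon.last.password"
SAVED_PASS = "session.logon.last.password1"   # extra variable, as in the thread

def logon_ad(s):            # first logon page: username + AD password
    s[LAST_USER], s[LAST_PASS] = USER, AD_PASSWORD

def ad_auth(s):             # AD Auth reads session.logon.last.*
    assert s[LAST_PASS] == AD_PASSWORD, "AD auth failed"

def logon_sms(s):           # second logon page overwrites the password field
    s[LAST_PASS] = SMS_TOKEN

def radius_auth(s):         # RADIUS Auth reads session.logon.last.password
    assert s[LAST_PASS] == SMS_TOKEN, "RADIUS auth failed"

def save_password(s):       # variable assign before the second logon page
    s[SAVED_PASS] = s[LAST_PASS]

def restore_password(s):    # variable assign after RADIUS Auth
    s[LAST_PASS] = s.pop(SAVED_PASS)

def sso_credential_mapping(s):   # assumed default mapping targets
    s["session.sso.token.last.username"] = s[LAST_USER]
    s["session.sso.token.last.password"] = s[LAST_PASS]

BROKEN = [logon_ad, ad_auth, logon_sms, radius_auth, sso_credential_mapping]
SAVE_RESTORE = [logon_ad, ad_auth, save_password, logon_sms, radius_auth,
                restore_password, sso_credential_mapping]
REORDERED = [logon_ad, ad_auth, sso_credential_mapping, logon_sms, radius_auth]

def sso_password(boxes):
    """Run the boxes in order and return the password SSO would send."""
    session = {}
    for box in boxes:
        box(session)
    return session["session.sso.token.last.password"]

if __name__ == "__main__":
    for name, tree in [("broken", BROKEN), ("save/restore", SAVE_RESTORE),
                       ("reordered", REORDERED)]:
        ok = sso_password(tree) == AD_PASSWORD
        print(f"{name:13s} SSO sends AD password: {ok}")
```

In the save/restore variant the AD password lives in a second session variable for the duration of the policy; the reordered tree avoids that extra copy.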