- This topic has 8 replies, 3 voices, and was last updated 4 years, 5 months ago by Niccinator.
-
AuthorPosts
-
November 28, 2019 at 2:19 pm #51306
We’re not able to get 2fa with (SMS-PASSCODE) working in combination with NetScaler and Wyse.
With searching over the web, read the configuration pdfs, citrix forums we dont have any ideas anymore.
It works via a laptop fine but not with the Wyse TC. We get the message after inputting the 2fa code, “Invalid Credential, Please Retry”
Setup:
Netscaler version 13.0 41.20
WMS 1.4 with 3040 TCs on firmware 8.6_027
Radius NPS
Storefront 3.12Netscaler configuration:
Walkthrough with the Wizard, everything Green.
Only configured RSA and not RSA + Domain.
We changed the Session Policies with these expressions;
HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“CitrixReceiver”) && HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“WTOS/1.0”)
HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“CitrixReceiver”).NOT && HTTP.REQ.HEADER(“User-Agent”).CONTAINS(“WTOS/1.0”).NOTWe tried a lot expressions also together with the HTTP User Agent option in WMS but non of them worked.
WyseManagementSuite Configuration (In our eyes relevant options):
Brokerserver= URL of the Netscaler
HTTP User Agent (8.6+)=WTOS/1.0
Netscaler Gateway Authentication= we got nothing enabled or configured here..Is there someone who got this setup configured and working? Or does somebody have a bright idea?
December 2, 2019 at 3:03 pm #51319Have you configured the “NetScaler Gateway Authentication Method” to “RSA” in WMS?
CG
December 3, 2019 at 3:52 pm #51323Thanks for the reply.
We tried that yes, but did not work. Is that needed to get it working?
Cause you get the extra field with login, and we prefer the pop-up to enter the Passcode instead.
December 6, 2019 at 2:02 pm #51345Which product do you use for SMS Passcode?
CG
December 9, 2019 at 10:25 am #51354SMS Passcode Version 10, on premise. (Entrust Datacard)
ThinOS supports sms passcode from Version 9.
January 16, 2020 at 3:15 pm #51568We got it workin finally. On the netscaler under the session profile > published applications. We had the web interface address filled in with the whole storefrontURL including the store. When we entered only the Base URL the job was done.
January 21, 2020 at 1:46 pm #51586SMS Passcode’s latest version has ‘push to verify’ instead of code, does ThinOS support this or do we have to wait for new firmware?
January 23, 2020 at 5:22 pm #51609AFAIK this is not supported. But, I am not sure.
CG
April 15, 2020 at 4:27 pm #52117Hi Thomas
We have a similar issue only with ThinOS Receiver Wyse 5010 Clients.
We changed the default prompt line “ExtInputNextCode =” in RSA RADIUS Configuration File (securid.ini)
After this change we receive the same message at the login “Invalid Credential, Please Retry”. But the ODA SMS Token is triggered and sent.
We Update the Wyse Client to 8.6_303 because of this notes but it does not solve the problem:
THINOS-2337
Resolved the issue where the SMS PASSCODE authentication does not work when attempting to connect to a Citrix session. -
AuthorPosts
- You must be logged in to reply to this topic.