ThinOS, netscaler, 2fa, sms-passcode

  • #51306
    MarvinS
    Participant
    • Total Post: 16
    • Regular Joe
    • ★★

    We’re not able to get 2fa with (SMS-PASSCODE) working in combination with NetScaler and Wyse.

    After searching the web and reading the configuration PDFs and the Citrix forums, we don't have any ideas anymore.

    It works via a laptop fine but not with the Wyse TC. We get the message after inputting the 2fa code, “Invalid Credential, Please Retry”

    Setup:

    Netscaler version 13.0 41.20
    WMS 1.4 with 3040 TCs on firmware 8.6_027
    Radius NPS
    Storefront 3.12

    Netscaler configuration:

    Walkthrough with the Wizard, everything Green.
    Only configured RSA and not RSA + Domain.
    We changed the Session Policies with these expressions;
    HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver") && HTTP.REQ.HEADER("User-Agent").CONTAINS("WTOS/1.0")
    HTTP.REQ.HEADER("User-Agent").CONTAINS("CitrixReceiver").NOT && HTTP.REQ.HEADER("User-Agent").CONTAINS("WTOS/1.0").NOT

    We tried a lot of expressions, also together with the HTTP User Agent option in WMS, but none of them worked.

    WyseManagementSuite Configuration (In our eyes relevant options):

    Brokerserver= URL of the Netscaler
    HTTP User Agent (8.6+)=WTOS/1.0
    Netscaler Gateway Authentication= we got nothing enabled or configured here..

    Is there someone who got this setup configured and working? Or does somebody have a bright idea?
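The two session-policy expressions quoted in the post above, modelled as Python predicates to show which User-Agent values each one selects. This is an added example, not part of the original post or of any Citrix or Dell tooling; the function names and sample User-Agent strings are constructed, and it assumes case-sensitive substring matching for `CONTAINS`.

```python
# Models the two session-policy expressions from the post as predicates.
# Assumption: CONTAINS is a case-sensitive substring match.
# All User-Agent strings below are constructed samples, not captured traffic.

def wtos_receiver_policy(user_agent: str) -> bool:
    # ...CONTAINS("CitrixReceiver") && ...CONTAINS("WTOS/1.0")
    return "CitrixReceiver" in user_agent and "WTOS/1.0" in user_agent

def other_client_policy(user_agent: str) -> bool:
    # ...CONTAINS("CitrixReceiver").NOT && ...CONTAINS("WTOS/1.0").NOT
    return "CitrixReceiver" not in user_agent and "WTOS/1.0" not in user_agent

POLICIES = {
    "receiver+WTOS expression": wtos_receiver_policy,
    "neither-token expression": other_client_policy,
}

def matching_policies(user_agent: str) -> list:
    """Return the names of the expressions that evaluate true for this header."""
    return [name for name, pred in POLICIES.items() if pred(user_agent)]

SAMPLES = {
    "both tokens present": "CitrixReceiver WTOS/1.0",
    "only the WMS-configured value": "WTOS/1.0",
    "receiver token only": "CitrixReceiver/19.0 Windows",
    "plain browser": "Mozilla/5.0 (Windows NT 10.0)",
}

def coverage_report() -> dict:
    """Map each sample label to the list of expressions it satisfies."""
    return {label: matching_policies(ua) for label, ua in SAMPLES.items()}

if __name__ == "__main__":
    for label, hits in coverage_report().items():
        print(f"{label:32} -> {', '.join(hits) or 'no expression matches'}")
```

A User-Agent carrying exactly one of the two tokens is selected by neither expression, which is worth checking against the header the client really sends when a session policy does not seem to apply.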

    #51319
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    Have you configured the “NetScaler Gateway Authentication Method” to “RSA” in WMS?

    CG

    #51323
    MarvinS
    Participant
    • Total Post: 16
    • Regular Joe
    • ★★

    Thanks for the reply.

    We tried that, yes, but it did not work. Is that needed to get it working?

    Cause you get the extra field with login, and we prefer the pop-up to enter the Passcode instead.

    #51345
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    Which product do you use for SMS Passcode?

    CG

    #51354
    MarvinS
    Participant
    • Total Post: 16
    • Regular Joe
    • ★★

    SMS Passcode Version 10, on premise. (Entrust Datacard)

    ThinOS supports sms passcode from Version 9.

    #51568
    MarvinS
    Participant
    • Total Post: 16
    • Regular Joe
    • ★★

    We got it working finally. On the NetScaler, under the session profile > Published Applications, we had the Web Interface Address filled in with the whole StoreFront URL including the store. When we entered only the Base URL the job was done.

    #51586
    MarvinS
    Participant
    • Total Post: 16
    • Regular Joe
    • ★★

    SMS Passcode’s latest version has ‘push to verify’ instead of code, does ThinOS support this or do we have to wait for new firmware?

    #51609
    ConfGen
    Keymaster
    • Total Post: 10696
    • Jedi Master
    • ★★★★★★★

    AFAIK this is not supported. But, I am not sure.

    CG

    #52117
    Niccinator
    Participant
    • Total Post: 2
    • Newbie

    Hi Thomas

    We have a similar issue only with ThinOS Receiver Wyse 5010 Clients.

    We changed the default prompt line “ExtInputNextCode =” in RSA RADIUS Configuration File (securid.ini)

    After this change we receive the same message at the login “Invalid Credential, Please Retry”. But the ODA SMS Token is triggered and sent.

    We updated the Wyse client to 8.6_303 because of this note, but it does not solve the problem:

    THINOS-2337
    Resolved the issue where the SMS PASSCODE authentication does not work when attempting to connect to a Citrix session.

    https://www.dell.com/support/manuals/ch/de/chbsdt1/wyse-5040/thinos_8.6.x_rn/fixed-issues?guid=guid-63751f69-eb7e-4608-9097-327bfb93e120&lang=en-us
