January 29, 2019 at 6:32 pm #24603 AJAY SURI Participant
I have an authentication chain used for login that uses JDBC –> Device ID –> RBA –> HOTP –> Device Save
It works fine for every user created in the database with a corresponding profile in the embedded user store.
I have a policy configured to step-up the authentication when the user tries to access certain resources (on Apache web server protected through a web agent). The policy requires users to authenticate through SMS OTP.
For one user (demo), the step-up works fine as the OTP entered is accepted and user goes back to protected resource.
For all my other users, SMS OTP is sent successfully during step-up process but when the user enters the OTP, AM doesn't redirect the user back to protected resource. I don't see any authentication error as well. The logs seem to suggest AM successfully validated the OTP.
Any idea why certain users wouldn't successfully be redirected back?
AM version is 6.5
Webagent is also the latest one available for 6.5 and Apache 2.4

February 5, 2019 at 9:48 pm #24693 william.hepler Participant
Is there any different Realm being used for your other users?
Demo likely is in the global realm. Starting in Agents 5, the Agent always tries to send you to global realm. You need to use as an example:
To redirect to a specific realm.

February 6, 2019 at 7:48 am #24696 AJAY SURI Participant
Yes, all users in same realm.
Initial login works fine for all users.
It's only when step-up is enforced through HOTP for some sensitive resources that demo gets redirected successfully but others don't.