n59s7 (n59s7) asked a question.
Okta Radius with Netscaler Authentication Issue.
I have an issue where when enabling the MFA policy to our VPN server on the Netscaler, my credentials aren't being accepted. After looking at the logs, it's not even picking up my username, instead it lists as "user" instead of dean.lyons, which is my AD username.
WARN - Authentication failed for user User, reason --- Access denied. Invalid creds?
INFO - Completed processing. packetId=229, totalProcessingTime=1398ms, queueTime=0ms, oktaTime=1393ms, httpCode=200, result=FAILED,
The same is listed when looking at the logs via the Okta portal.
Any ideas?
Dean, not sure if this will help but did you confirm what Citrix app in Okta was expecting for user login? I normally have to define a custom attribute in Okta to see the username correctly like: ${f:substringBefore(user.login, "@")} and your user account is assigned to the application?
Derek
Hi Dean,
The error is pretty suggestive, indicating that you're inputting wrong credentials. To get this fixed, you should use the username you're assigned with in Okta to the Radius application. Also, enabling TLS 1.2 seems to help in a few use cases. You should go on your Windows Server , open up reg editor , navigate to HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node\]Microsoft\.NETFramework\4.0 and add a DWORD with name value = "SchUseStrongCrypto" and the variable value = 1. After this reg key has been added, do a reboot on the server and try again. If still doesn't fixes your issue, please open up a support ticket with us and we'll gladly take a look at your environment and further assist!
Regards,
Marius Fulga
Tier 2 Support
Hello Derek,
Thanks for posting your inquiry in Okta Community Portal.
If you receive a great answer to your question(s), please help readers find it by marking it the best answer. Hover over the answer and click "Best Answer."
Thank you,
Mike Davie
Okta Help Center