<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
System Status
Announcements
Announcements
Search
Search
Select Language
Knowledge Base
Knowledge Articles
Support Videos ↗
Documentation
Product Documentation ↗
Developer Documentation ↗
Product Release Notes ↗
Community
Events & Webinars
Okta Ideas ↗
Resources
Product Hub
Customer Success Hub
Product Release Update
Learning
Okta Learning ↗
Get Support
Open a Case
HomeCommunityForum
0D54z000092wqhnCAAOkta Classic EngineAuthenticationAnswered2024-06-22T09:00:36.000Z2023-04-10T19:23:50.000Z2023-04-12T19:28:44.000Z

gyp8v (gyp8v) asked a question.

April 10, 2023 at 7:23 PM
Yubikey and application recognition with RADIUS and password/code entered together

I'm helping and Okta customer authenticate VMWare Horizon with Okta. The mobile part works as expected with the push to the app, but Yubikey doesn't. I've checked the option that the authentication can be entered concurrently by providing the password followed by a comma then the code.

 

If the user does that with the Yubikey, the enter <password><,><press key> in one go but the authentication always fails.

in the Okta log however, I see a success, except that when the user authenticates with the pop-up, the VMWareHorizon line appears under the authentication success but with the Yubikey it just says success without providing any authentication name.

In both case, it's the same server making the RADIUS request as defined in the application definition.

 

As I don't have much other options, i wonder if anyone could share an approach to resolve this.

  • 4 answers
  • 536 views

  • Mihai N. (Okta, Inc.)

    Hi @gyp8v (gyp8v)​ , Thank you for reaching out to the Okta Community!

     

    Looking at the documentation for VMWare Horizon implementation, there seems to be a caveat for the use of Yubikey depending on the protocol used. 

    Please check it out to see if it applies to your use case, if you haven't already: 

    https://help.okta.com/en-us/Content/Topics/integrations/vmware-horizon-radius-intg.htm

     

     

    If my answer helped, remember to mark it as best to increase its visibility for other members of the Okta Community who might have the same questions as you. 

     

    Hope my answer helps! 

    --------------------------------

    Community members help others by clicking Like or Select as Best on responses. Try it today.

    Expand Post

    • gyp8v (gyp8v)

      Dear @Mihai N. (Okta, Inc.)​ ,

       

      Thanks for the reply. I've checked the documentation it states that challenge is not supported. So the format is Username: user /pass:password,yubi press key in one string.

      In the Okta systems logs, it shows a successful authentication without showing the application name but VMWare gets an authentication failure.

      By using the push with Okta Verify, VMWare succeeds and the Okta log shows a successful authentication along with VMWare Horizon as application name.

       

      I've tried minor variations like using the UPN or the username+domain and so on, this always provides the same output.

       

      Kind regards,

      Alex

      Expand Post

      • Mihai N. (Okta, Inc.)

        The I recommend opening a case to work with one of our Support Engineers to find out if there's anything else to be done.

      • gyp8v (gyp8v)

        Thanks for the recommendation. However there is no support contract for this customer at Okta. I will keep on looking, otherwise I will work with them on an alternative approach to the keys for users who can't use the Okta Authenticator app.

This question is closed.
Loading
Yubikey and application recognition with RADIUS and password/code entered together