While performing a change on Netscaler to enable second factor authentication via RSA. I ran into an issue where in user would see an error that said "cannot complete your request STF:<storefront name>". The troubleshooting was difficult because the storefront server was not showing any error log that could indicate a possible issue.
To clarify what is done here are high level steps of what is being done to enable 2nd factor
- Find the authenticaiton vserver that is mapped to authentication profile of the Gateway VIP.
- Check the Authentication policy and bind RSA as Next Factor authentication and dont forget the add END after RSA.
- Go to Login Schema and upload the new XML file that has the page that we see for 2 factor authentication.
- Here this profile carries settings for SSO. If this is not enabled the credentials will not be passed on to Storefront.
- This last step is critical because previously SSO policy was configured to pass on the credentials to storefront now this is done as an option in login schema.
No comments:
Post a Comment