SecureAuth IdP Version affected: All
Description: When logging in to a Self Service realm that is set to show Push Notification and OTP devices, either or both are missing, even though the user can still successfully use them as Multi-Factor Methods.
Cause: The Data tab settings differ between the Enrollment realm and the Self Service realm.
Resolution:
In order for the Self Service realm to show these details, the User needs to log in using the same format (SamAccountName vs UserPrincipalName) as they did for the enrollment realm.
If this is not possible, you can use the Transformation Engine to edit the Authenticated User ID so that it matches the format used on the Enrollment realm.
1. Open the Admin Console and select the Self Service realm
2. Select the Data tab
3. Edit AuxID1 (or any AuxID that is not in use)
3a. If you're logging in with SamAccountName, set AuxID1 to UserPrincipalName
or
3b. If you're logging in with UserPrincipalName, set AuxID1 to SamAccountName
4. Click the Post Auth page
5. Click Transformation Engine
6. Enable the Transformation Engine and edit UserID so it appears as:
<UserID>
<xsl:value-of select="user/AuxID1" />
</UserID>
7. Save the changes
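The following is an added example, not SecureAuth's own code: it previews the UserID fragment from step 6 offline with the .NET XSLT engine, and flags the case where AuxID1 is not populated, which would rewrite the Authenticated User ID to a blank value. Assumptions: the input document shape (a `user` root with `UserID` and `AuxID1` children) is inferred from the `user/AuxID1` path above, and the wrapper stylesheet, the `Get-TransformedUserId` function, and both sample accounts are constructed for illustration.

```powershell
# Added example: preview the UserID rewrite with System.Xml.Xsl.XslCompiledTransform.
# The wrapper stylesheet is an assumption; only the <UserID> fragment is from the article.
$stylesheet = @'
<?xml version="1.0" encoding="utf-8"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="xml" omit-xml-declaration="yes" />
  <xsl:template match="/">
    <UserID>
      <xsl:value-of select="user/AuxID1" />
    </UserID>
  </xsl:template>
</xsl:stylesheet>
'@

# Constructed sample records: one with AuxID1 populated, one with it empty.
$samples = @(
    '<user><UserID>jdoe</UserID><AuxID1>jdoe@corp.example</AuxID1></user>',
    '<user><UserID>asmith</UserID><AuxID1></AuxID1></user>'
)

function Get-TransformedUserId {
    param([string]$UserXml, [string]$Xslt)

    # Compile the stylesheet from the in-memory string.
    $xsl = New-Object System.Xml.Xsl.XslCompiledTransform
    $xsl.Load([System.Xml.XmlReader]::Create((New-Object System.IO.StringReader $Xslt)))

    # Transform the user record and capture the output as a string.
    $reader = [System.Xml.XmlReader]::Create((New-Object System.IO.StringReader $UserXml))
    $sw     = New-Object System.IO.StringWriter
    $writer = [System.Xml.XmlWriter]::Create($sw, $xsl.OutputSettings)
    $xsl.Transform($reader, $writer)
    $writer.Close()

    # Return the text of the resulting <UserID> element ("" when AuxID1 is empty).
    ([xml]$sw.ToString()).DocumentElement.InnerText
}

foreach ($xml in $samples) {
    $before = ([xml]$xml).user.UserID
    $after  = Get-TransformedUserId -UserXml $xml -Xslt $stylesheet
    if ([string]::IsNullOrWhiteSpace($after)) {
        Write-Warning "${before}: AuxID1 is empty, the rewritten UserID would be blank"
    } else {
        Write-Output "${before} -> ${after}"
    }
}
```

Before saving the change in step 7, confirm that the directory attribute mapped to AuxID1 is populated for every account that uses the Self Service realm.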
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.