Some customers do not use a plain ID/password as credentials to the system but use two-factor authentication logons (the two factors being something you have and something you know). We use both RSA SecurID and an OTP generator from Mideye.
One problem we ran into with the OTP was that SSO stopped working, failing with “wrong username and password”. The cause was that the F5 FirePass SSO variables passed on the OTP instead of the domain password.
Example with SSO not working:
- Logon to the portal using domain\userid and P@ssword
- Receive the OTP by SMS (123456)
- Open a Citrix/RDP session (FirePass sends domain\userid and 123456)
- Error message “wrong username and password” is returned
To make SSO send the domain password the user entered:
- Logon to the F5 Firepass admin interface (web)
- Users > Groups > Master Groups
- Open the correct Master Group
- Go to the “SSO” tab
- Set Username to %username%
- Set Password to %primarypassword%
- Click Update