Hi guys,
I've successfully configured AA radius plugin to enable MFA with Azure Radius/NPS server.
Everything works fine for both RDP and SSH connections as long as 2FA authentication is performed with OTP received by the user via SMS.
When 2FA is performed through approval on the app after push notification we got an error as you can see in following logs.
AA Plugin is configure with just radius server IP, Port and shared secret.
As far as you know do i need to configure something else inside plugin?
Thank's in advance
scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SPS_RADIUS/main.py'
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Logging initialized to level=debug
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Reading HTTPS proxy settings from config cache file
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): No HTTPS proxy server configured
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Authentication cache is turned off with 0 reuse limit
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): AA plugin authenticate hook result; verdict='NEEDINFO', gateway_user='None', gateway_domain='None'
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: ssh.policy(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Authentication needs more info; key='otp'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SPS_RADIUS/main.py'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Logging initialized to level=debug
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Reading HTTPS proxy settings from config cache file
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): No HTTPS proxy server configured
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Authenticating user vpntest with MFA identity of vpntest
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): RADIUS username is 'vpntest'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Network timeout while talking to RADIUS server.
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): AA plugin authenticate hook result; verdict='DENY', gateway_user='None', gateway_domain='None'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: ssh.policy(1): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Authentication was denied
