Hi guys,
I'm running SPS 6.9.3 and i've configured AA radius plugin to perform MFA against Azure Radius/NPS.
Everything is working fine for both RDP and SSH sessions as long as 2FA is performed with OTP received by the user via SMS, when 2FA is performed instead through approval on the app after push notification we got an error as you can see in following logs.
AA plugin is configured with just radius ip, port and shared secret.
As far as you know do i need to configure something else to let works app approval?
scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SPS_RADIUS/main.py'
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Logging initialized to level=debug
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Reading HTTPS proxy settings from config cache file
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): No HTTPS proxy server configured
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Authentication cache is turned off with 0 reuse limit
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): AA plugin authenticate hook result; verdict='NEEDINFO', gateway_user='None', gateway_domain='None'
2022-06-23T10:57:57+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: ssh.policy(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Authentication needs more info; key='otp'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin call log follows; plugin_location='/opt/scb/var/plugins/aa/SPS_RADIUS/main.py'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Logging initialized to level=debug
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Reading HTTPS proxy settings from config cache file
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): No HTTPS proxy server configured
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Authenticating user vpntest with MFA identity of vpntest
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): RADIUS username is 'vpntest'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Plugin(aa/SPS_RADIUS/main.py): Network timeout while talking to RADIUS server.
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: scb.info(4): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): AA plugin authenticate hook result; verdict='DENY', gateway_user='None', gateway_domain='None'
2022-06-23T10:58:18+02:00 it01pamtim01.ictdomain.local zorp/scb_ssh[806]: ssh.policy(1): (svc/oxXSqRMRJB1SQhRW6PAAvX/Fiera_AEM_DEV_MFA:16/ssh): Authentication was denied
Thank's in advance
