Question

IFS Aurena ADFS with MFA

  • 1 March 2022
  • 3 replies
  • 134 views

Badge +2

Hi All, 

We have Apps 10 configured with ADFS. We have published Aurena via WAP for external access. When users are external they should be prompted for credentials + MFA, this used to work. But recently we noticed users are not being prompted for MFA.

As a test we changed our Access Control Policy to always force credentials + MFA on all sessions. Testing with IEE it prompts for credentials + MFA, testing with Aurena it only prompts for credentials no MFA. Not sure why this is happening, my understand was IEE and Aurena use the same configuration from the middleware server.

Has anyone experienced something similar? Any IFS partners out there with ADFS experience or deep knowledge on how middleware authenticates against ADFS?

Thanks,
Chris


This topic has been closed for comments

3 replies

Userlevel 7
Badge +21

Hi @CBlaze,

Not sure how your App registration is setup on ADFS side but one thing to look at is to see whether the app registration client id’s used in IFS Admin console are the same or different for Aurena (Client ID Web) and IEE (Client ID Native). If you are using the the 2 registration method rather than a single app registration, it’s possible you are applying the controls only against the IEE one. 

Cheers

Badge +2

Hi @Sajith D 

Thanks for the reply. ADFS is current configured in a single application mode. When I force MFA via access policy IEE always asks for MFA, but Aurena just seems to log in. 

We think the issue is causes by a delivery provided by IFS. After reviewing everything and looking at logs and confirming with users it appears to have happened after that was applied. 

I have a ticket open with support and waiting to hear back from them.

Userlevel 7
Badge +21

Hi @CBlaze ,

That is quite interesting. I’m quite keen to hear what happened in this case and would be great if you can update the post when you hear back from support.

Cheers,