We're using the citrix login prompt APM module in v12. The only setting visible is the Citrix Authentication Type of either domain-only or two-factor. If I use two factor, what session variable does the extra field write into?
I don't know off the top of my head but you can easily dump the session variables used for a particular session.. log on to the portal and do the following once logged in:
sessiondump --allkeys | grep <your-username>
grab the session ID
6e21cae0.session.logon.last.logonname 3 <your-username>
list all the session variables used for that session:
sessiondump --sid 6e21cae0
Does that list session variables that aren't visible in the session variables report through the UI? I dont see a second password in the session report in the UI and I believe that may be because it's listed as a password type variable and not displayed? Totally guessing. I will try this and see if I can see anything.
It will list all the sessions variables for that particular session, you can get additional session variables by changing the log level from notice to debug but you shouldn't leave this running longer than necessary.
Are you able to share a screenshot of your VPE? This may help identify the variable
We've finally gotten it to work. Here's a write-up of how to get the F5, already working as a frontend to Citrix, to use Duo.
Citrix, Duo, and the BIG-IP system
Craig, you seem to have a pretty thorough setup that is similar to mine. From your blog link, I see you were setting up APM with Citrix Storefront (not using APM Webtop), did you attempt at all to get the Citrix HTML5 client working? It's working for us only if we replace the Storefront with the APM Webtop - if we try to use HTML5 with Storefront, we just get a black screen. Curious to see if anyone has that working.
Yes we did get the HTML5 working and we aren't using the webtop. The bottom flow in the APM is for browsers.