Hello,
I installed the ADFS agent v.2 on my ADFS 2019 and everything seems to be configured correctly.
The only problem is that the user is asked to log in with the domain user, which can be in either the format [domain]\[userid] or [userid]@domain.com, and when RSA asks for the passcode it fails to be recognized, I think because RSA is expecting it with no domain. I tried the same login with Checkpoint integrated with RSA and it works the same: if I put only the UserId it works; if I try to put the domain it doesn't.
What can I do in order to let the agent send only the UserId even if I have to insert the domain\user in the ADFS form?
OK, I applied some other changes but it is still not working.
I modified the Identity source in order to map the userid to the userPrincipalName instead of the samAccountName.
I also modified the Local Group Policy on the ADFS, setting the ADFS User Name format to UPN, and I can see that now in the logs the userid is sent as [userid]@[domain].com. I checked on the Authentication Manager and the users are now shown as [userid]@[domain].com.
I tested the user from the SelfPortal test functionality and on a Checkpoint client and they both work using [userid]@[domain].com, but when I try from the ADFS login page it fails: "Authentication failed."
So I guess the change I made was not really necessary; previously the agent was sending the userid and the Authentication Manager was using the same format.
I can't understand what the problem is from the logs. There is communication between ADFS and the Authentication Manager; it just fails as if the passcode was wrong.
Another interesting thing is that I can't see the call in the Authentication Monitor at all...