MFA (Multi Factor Authentication) options are not being displayed on the PCoIP Zero Client when authenticating to a VMware Horizon View Connection Server

Rate this Article
Average: 1.7 (3 votes)

April 19, 2021

Last modified: 09/18/2024, 8:43 pm

Knowledge Base Article Troubleshooting Security Third Party Enhancements Zero Clients

Problem

MFA (Multi Factor Authentication) options are not being displayed on the PCoIP Zero Client when authenticating to a VMware Horizon View Connection Server. The MFA challenge is only showing a short prompt regardless of which option you have configured in the [radius_server_challenge] section of your Authentication Proxy config file.

NOTE: this issue is resolved in PCoIP firmware 23.12.0

Cause

The new features built into newer MFA appliances now contain more data in their response, such as listing additional devices and/or methods in the challenge, that exceeds the data limit that is permitted in the firmware. Once the limit is exceeded, the challenge will fall back to the "short" prompt format regardless of which option you have configured in the [radius_server_challenge] section of your Authentication Proxy config file. See examples below from Duo & OKTA MFA....

 

Expected response from Duo MFA

rtalimage

 

Expected response from OKTA MFA

rtalimage

 

PCoIP Zero Client response

rtalimage

 

 

Resolution

NOTE: The image is to demonstrate the zero client is receiving more information than the data limit for the firmware.
The only work around if you encounter this issue is to enter the correct number in the Next Response box and the MFA should work as expected.

All releases of the PCoIP Zero Client Firmware prior to 23.12.0 have this limitation.

This issue is resolved in PCoIP firmware 23.12.0