I'm currently using custom sign-in pages with my SA2000 device. They were rebuilt after an upgrade. I am using an Entrust Identity Guard (referenced as IG) system for first factor authentication, as well as token authentication. The IG system acts as a RADIUS proxy, and the Juniper device authenticates with it like it was a RADIUS server. My problem is that I should be seeing challenges when signing in... and I'm not. Users are getting pretty darn confused because they won't know *what* they're supposed to be entering.
For example... it should tell the user when their password needs to be reset, when their PW reset is unsuccessful, as well as something along the lines of "Please enter the PIN from your token with serial number 900498304958". Entrust swears up and down that this issue is isolated to my IVE, and my config is 100% correct and they've used this setup many, many times without any issues. They also claim to have tested it with my exact setup in their labs and have not been able to reproduce the issue. I have no support contract with Juniper and management isn't interested in purchasing one so I'm pretty screwed right now. Even if there is a fault with the IVE, I'm going to have a pretty hard time convincing Juniper to RMA it.
Has anyone experienced this issue? Any ideas as to what I could look at? The Juniper logs tell me nothing. Right now I'm waiting on tcpdump files from Entrust's working system so I can compare packet by packet to see what's up... I probably won't be able to pick the problem out, but I figure it's worth a shot! Any more suggestions would be more than appreciated.