Hi
We’ve activated policy for users
enroll_via_multichallenge - EMAIL
passthru - userstore
When user authenticates with the login and password on citrix netscaler gateway, then token is being created automaticaly with property dynamic_email - true and PI asks “Please enter your new email addrees!”
If user refreshes page (F5) token saved with property dynamic_email
If user enters correct address, token change email address and sends OTP
But when user enters incorrect adress - blank or without @, after timeout citrix gateway authenticates user without OTP and all next attempts will be succeded.
Can you
Add new policy which disables request for new email (manual input), only dynamic
If user enters blank adress, token saved as dynamic
Checking correction of email address for @ sign presence
Also there is a bug: when policies “challenge_text”, “challenge_text_footer”, “challenge_text_header” are actvated, then message “Please enter your new email addrees!” is being replaced with values of these policies.
I think there is little misunderstanding. I mean that if a user logins for the first time and doesn’t have any tokens yet instead of hard coded “Please enter your email address!”, header challenge text + footer challenge text are displayed (which should be displayed when asking for OTP).