I have recently attempted to set up an Authorization Policy for a proxy service in Access Manager to force users to reauthenticate with netIQ MFA if they are connecting to the proxy service from an IP address external to the organisation. I have a basic username/password authentication procedure set up on the route, and the step up rule on the Authorization section.
The flow works as expected, with users on an external IP address being asked to pass MFA after providing their username and password. However, once the user passes MFA the user is presented an Access Manager page reporting "Resource is not available"
Users connecting internally pass the basic authentication contract and gain access to the resource as expected.
Does anyone have any thoughts on why this might be happening? I can provide any further details people might need.