Configuring an Identity Injection Policy for User Passwords

Ensure that you have enabled the Allow admin to retrieve passwords option under Universal Password Retrieval in the eDirectory user store for all users, so that the policy can retrieve the password from the user store. Without this configuration, the Identity Injection policy for user passwords will not work.

The Identity Injection policy that uses user passwords does not work when a resource is accessed through the MobileAccess app, because the MobileAccess app uses an OAuth token for basic authentication. If you need to use Identity Injection with user passwords for MobileAccess, you can enable password retrieval in eDirectory, which is less secure and not recommended.

For more information about how to enable the password retrieval in eDirectory, see Universal Password Configuration Options in the Password Management Administration Guide.

NOTE: Password retrieval works only with eDirectory.

Perform the following steps:

  1. Click Devices > Access Gateway > Edit > [Reverse Proxy name] > [Proxy Service name].

  2. Select the Protected Resources tab.

  3. Click the protected resource for which you want to configure an Identity Injection policy.

  4. Select the Identity Injection tab.

  5. Click Manage Policies > New.

  6. Specify a name for the policy and select Access Gateway: Identity Injection for the policy type.

  7. Click OK.

  8. Configure the policy with the following details:

    • Action: Select Inject into Authentication Header.

    • User name: Select OAuth Claims > Access Token: User

    • Password: Select OAuth Claims > Password

  9. Click OK > OK.

  10. Select the policy you created and click Apply Changes > Close.

  11. Select the Identity Injection policy and click Enable > OK.
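To confirm on the origin server that the policy is injecting what you expect, the following added example (not part of the product documentation) parses the injected header and produces a log-safe summary of it. It assumes the Inject into Authentication Header action sends a standard HTTP Basic `Authorization` header (RFC 7617); the function names and the sample credentials are constructed for illustration.

```python
import base64
import binascii

# Constructed sample: the header value an origin server would receive for
# user "jdoe" with a password that itself contains a colon.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"jdoe:Pa:ss w0rd").decode("ascii")


def parse_injected_basic(header_value):
    """Return (username, password) from an Authorization header value.

    Returns None when the header is absent, is not the Basic scheme, is not
    valid Base64/UTF-8, or has no "user:password" separator.
    """
    if not header_value:
        return None
    scheme, _, token = header_value.strip().partition(" ")
    if scheme.lower() != "basic" or not token.strip():
        return None
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # Split on the FIRST colon only: the password may contain colons.
    username, sep, password = decoded.partition(":")
    if not sep or not username:
        return None
    return username, password


def redact(header_value):
    """Summarize the header for logs without exposing the password.

    Base64 is an encoding, not encryption, so the raw header value must
    never be written to access logs or debug output.
    """
    parsed = parse_injected_basic(header_value)
    if parsed is None:
        return "Authorization: <absent or not Basic>"
    username, password = parsed
    return f"Authorization: Basic <redacted> (user={username!r}, password_len={len(password)})"


if __name__ == "__main__":
    print(redact(SAMPLE_HEADER))
    print(redact("Bearer some-oauth-token"))
```

Because the injected value decodes trivially to the clear-text password, the connection between Access Gateway and the origin server should use TLS.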