Running CA Access Gateway (SPS) integrated to VIP Authentication Hub for MFA, once the protected resource is accessed, user inputs the Username and Password, it's observed the Invalid Credentials issue.

There was no redirect happening to the VIP AuthHub for the secondary authentication.

Looking at the Policy Server logs, everything looks fine, but the CA Access Gateway (SPS) complained about that the user is not Authenticated by the Policy Server.

If the .fcc file has smretries set to a number greater than 0, this issue might occur (1).

Using the out of the box login.fcc, and setting smretries=0, solves the issue.

1. "Unable to verify tryno count" error