Description: I am using WSO2 Identity Server with Integrated Windows Authentication (IWA) and Kerberos for authentication. I have configured SMS OTP as a second authentication step.
Problem: When using Basic Authentication, SMS OTP works fine, and the user receives an OTP. When using IWA (Kerberos Authentication), the user gets authenticated, but fails with "User not found in the directory" when fetching claims for SMS OTP. The mobile claim is not being retrieved from the user store, causing the SMS OTP step to fail.
WSO2 Environment:
WSO2 Identity Server version: [Specify your version]
User store: Active Directory (AD) via LDAP
Multi-attribute login enabled: Yes (sAMAccountName, mail, etc.)
Authenticator configuration: IWA (Kerberos) + SMS OTP
What I Have Tried
Checked IWA Authentication: User logs in via IWA successfully. However, the username retrieved may not match AD's search filter.
Checked Mobile Claim Retrieval: sAMAccountName and mail claims are retrieved correctly. Mobile claim () is missing when using IWA.
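Added example, not part of the original post and not WSO2 code: a small offline model of the hypothesis above, showing how the identifier IWA/Kerberos hands to the next step (DOMAIN\user or user@REALM) fails a sAMAccountName/mail search unless it is reduced to the bare logon name, and how that surfaces as "user not found" before the mobile claim is ever read. The directory entries, realm name and phone number are constructed.

```python
# Constructed stand-in for a few AD entries (not a real directory).
SAMPLE_AD_ENTRIES = [
    {"sAMAccountName": "jdoe", "mail": "jdoe@example.com", "mobile": "+1 555 0100"},
    {"sAMAccountName": "asmith", "mail": "asmith@example.com"},  # no mobile attribute set
]
LOGIN_ATTRIBUTES = ("sAMAccountName", "mail")  # multi-attribute login, as in the question
KERBEROS_REALM = "CORP.EXAMPLE"                # constructed realm name (assumption)

def escape_ldap_value(value):
    """Escape a caller-supplied value for use inside an LDAP filter (RFC 4515)."""
    return (value.replace("\\", "\\5c").replace("*", "\\2a")
                 .replace("(", "\\28").replace(")", "\\29").replace("\0", "\\00"))

def normalize_iwa_username(raw):
    """Reduce what IWA hands over (DOMAIN\\user or user@REALM) to the bare logon name.
    Only the configured Kerberos realm suffix is stripped, so mail-style logins survive."""
    name = raw.split("\\", 1)[1] if "\\" in raw else raw
    if name.upper().endswith("@" + KERBEROS_REALM):
        name = name[: -len(KERBEROS_REALM) - 1]
    return name

def build_user_filter(name):
    """Filter a multi-attribute login would issue for the given identifier."""
    v = escape_ldap_value(name)
    return "(|" + "".join(f"({a}={v})" for a in LOGIN_ATTRIBUTES) + ")"

def find_entry(name):
    """Offline stand-in for the LDAP search: case-insensitive equality on login attributes."""
    for entry in SAMPLE_AD_ENTRIES:
        if any(entry.get(a, "").lower() == name.lower() for a in LOGIN_ATTRIBUTES):
            return entry
    return None

def resolve_mobile_claim(raw_username, normalize=True):
    """Return ('ok', mobile), ('mobile_missing', None) or ('user_not_found', None).
    With normalize=False the raw IWA identifier is searched as-is."""
    name = normalize_iwa_username(raw_username) if normalize else raw_username
    entry = find_entry(name)
    if entry is None:
        return ("user_not_found", None)      # what the SMS OTP step reports in the question
    if not entry.get("mobile"):
        return ("mobile_missing", None)      # user exists but the claim cannot be mapped
    return ("ok", entry["mobile"])

if __name__ == "__main__":
    for raw in ("CORP\\jdoe", "jdoe@CORP.EXAMPLE", "asmith@example.com"):
        print(raw, "->", resolve_mobile_claim(raw, normalize=False), resolve_mobile_claim(raw))
```

Comparing the two results per user separates a lookup-identifier mismatch from a genuinely empty mobile attribute, which is the first thing to check before touching the claim mapping.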