Cannot log in as an IPA user after enabling 2FA (Password + OTP) in IPA
Issue
- Unable to log in as an IPA user after enabling 2FA (Password + OTP) in IPA.
- If 2FA (Password + OTP) and Password authentication are enabled for an IPA user, login fails with:
[root@rhel7-ipa-1 ~]# ipa user-show otpuser
User login: otpuser
First name: otp
Last name: user
Home directory: /home/otpuser
Login shell: /bin/sh
Principal name: otpuser@GSSLAB.PNQ2.REDHAT.COM
Principal alias: otpuser@GSSLAB.PNQ2.REDHAT.COM
Email address: otpuser@gsslab.pnq2.redhat.com
UID: 849600010
GID: 849600010
User authentication types: password, otp <----------
Account disabled: False
Password: True
Member of groups: ipausers
Kerberos keys available: True
[root@rhel7-ipa-1 ~]# ssh otpuser@localhost
otpuser@localhost's password: <------------- password + otp
Permission denied, please try again.
Environment
- Red Hat Enterprise Linux (RHEL) 7.1 or later
- sssd-1.15.2-50
