Cormac Long Posted January 13, 2023 Share Posted January 13, 2023 Currently i have a post epa check for a registry key configured in a session policy bound to Citrix Gateway. If this fails then VPN access is denied and user falls back to ICA (Storefront). This functionality broke when upgrading from 12.1 t o 13.0. I have a case open with CItrix support but I have been looking at migrating this to an epa check built into nfactor flow however i cant figure out how i can get it to perform the fallback part from VPN to ICA (storefront).Anybody ever done something similar or know if it is possible? Link to comment Share on other sites More sharing options...
Anchala Bansal Posted January 20, 2023 Share Posted January 20, 2023 Hello Cormac,For epa failure construct an epa policy same as pass, but add a ! in front of it. This will help to still continue with you authentciation flow and then you can use these failure/success groups in your sessisonaction or any policy you want and proceed. Something as follows:-add authentication epaAction epaact1 -csecexpr "sys.client_expr("proc_0_notepad")" -defaultEPAGroup EPA_PASS add authentication epaAction epaact2 -csecexpr "!sys.client_expr("proc_0_notepad")" -defaultEPAGroup EPA_FAILthen use EPA_FAIL group as your check for your sessionpolicy if needed(expression below) as follows:- "AAA.USER.IS_MEMBER_OF("EPA_FAIL")"HTH.. Link to comment Share on other sites More sharing options...
Cormac Long Posted February 2, 2023 Author Share Posted February 2, 2023 Thanks Anchala, will do some testing with this. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now