HP Groh Posted March 10, 2023

Hi Guys!

On Citrix Netscaler 'Gateway' I try to switch from 'Classic Authentication Policies' to 'Advanced Authentication Policies'.

So I started configuring Multi-Factor (LDAP + RADIUS for OTP) via nFlow as described here...

https://www.citrix.com/blogs/2021/08/04/citrix-tips-moving-off-deprecated-citrix-adc-features-for-citrix-gateway

The problem is that after adding the 2nd factor (RADIUS), after successful authentication and while forwarding to StoreFront I get back 'Cannot complete your request'.

If only the first factor (LDAP) is configured it works well.

I figured out that it is an SSO issue and I would have to check the 'Enable Single Sign On Credentials' checkbox in the loginschema of the 1st factor. With 'Enable Single Sign On Credentials' checked, SSO to StoreFront works without issue.

But to get this checkbox checked, I must use an ADC Advanced/Premium license, but I only have a Citrix Gateway License for production use.

Is there a workaround to solve this issue and to get Two-Factor Auth working with 'Citrix Gateway License', 'Advanced Authentication Policies' and 'Store Front'?

Please let me know.

Best Regards,
HP

Hemang Raval Posted March 27, 2023

Hello HP,

This is reported as a bug internally and work is being done to fix it as soon as possible.

Will update this thread for workaround if I come across any of them.

Thanks and regards,
Hemang

Mika Sarberg Posted August 29, 2023

Hello @Hemang Raval

I just stumbled upon an issue that to me appears to be just the same as that of HP Groh.

Difference is that I have a Standard license in my Netscaler and trying to use Azure MFA (SAML) as the second factor with on-prem LDAP being first factor.

I cannot check the 'Enable Single Sign On Credentials' checkbox in the loginschema of the 1st factor and I keep getting the 'Cannot complete your request' no matter what I try to do.

Is this bug still not fixed? We are on 13.1 build 49.13.

Regards
Mika

Hemang Raval Posted September 3, 2023

Hello Mika,

For multi factor, we do have inbuilt loginschema with SSO option selected by default as below:

However, since in the SAML scenario the above will not be applicable, allow me some time to revert back on the same.

Thanks and regards,
Hemang

Mika Sarberg Posted September 4, 2023

Hello Hemang and thanks for responding!

I had not noticed that this builtin loginschema existed with SSO option enabled. That is certainly a nice addition for customers with Standard license.

But as you also pointed out, the DualAuth.xml will not work in scenarios such as the one I have. It would be great if you could also add a builtin loginschema with SSO enabled for SingleAuth.xml as well!

I would be very happy if you could get back with some input regarding this request.

Regards
Mika