Jump to content
Welcome to our new Citrix community!

Contect Switch for ADFS redirect problem


Matteo Abrile

Recommended Posts

Hello,

 

I use CS in Netscaler for redirect ADFS login. I use without issue with major application, now in last days I found 2 app that have problem: Cisco Jabber and Microsoft Teams (on Android and on some iOS)

WIth this application I can see my ADFS login fine, after login I see message Http/1.1 Service Unavailable. I have problem only for these application other like O365, Sharefile (also from mobile), Cisco Webex Meeting and many other work perfect.

 

Can you help me ?

 

Thanks

 

M. 

Link to comment
Share on other sites

Hello,

 

my policy is:

HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("login.abcd.eu")&& HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/adfs") || HTTP.REQ.HOSTNAME.SET_TEXT_MODE(IGNORECASE).EQ("login.abcd.eu") && HTTP.REQ.URL.SET_TEXT_MODE(IGNORECASE).CONTAINS("/federationmetadata/2007-06/federationmetadata.xml")

I don't understand why... first redirect work becouse I see my ADFS login page, so I think policy match correct, after login I see http/1.1 Service Unavailable message.

Thanks

 

M.

Link to comment
Share on other sites

Seeing the same issue and it seems to happen after an update of the iOS app of Teams and OneDrive. Worked before with the same setup where AD FS is reachable via a content switch and a load balancer with specific policies to replace the Microsoft WAP role for AD FS.

 

On Android it seems to work but only tested one device, also in all browsers (Windows, Android, iPhone) it is still working.

 

Still not found why this is happening. It is the content switch which says http/1.1 so normally it would mean there is no policy but I'm using only hostname to direct to the correct load balancer and the login process it self is working, it's just the redirect back to teams or onedrive which fails.

Link to comment
Share on other sites

Did some troubleshooting today. I added a plain IIS website as default load balancing virtual server to the content switch so I could see in the logging which url is requested. It seems to be pointing to the url of our AD FS environment..

 

For now I binded the non-addressable load balancer for ADFS as default load balancing virtual server to the content switch. Now things are working again in Teams and OneDrive but still looking for the cause.

Link to comment
Share on other sites

I have 2 different problem, with Cisco Jabber App (iOS and Android) I can see login adfs page, after login when back to Jabber have http/1.1 error, with Teams App (Android all device, iOS only some device) after click on Login button, I see for one second black screen and then back on first page with "network error, try connect again" message, in this case seem app try contact ADSF but can't.

 

In my CS I use before policy with hostname and /adfs, then try use only hostname but not change, I have problem.

 

If I try login in Jabber or Teams from PC everythings work fine.

 

Thanks

 

M.

Link to comment
Share on other sites

  • 1 month later...

I had a similar situation when loging into Teams from a Mac using ADFS, in which the ADFS page showed up, I could log in and then a HTTP1/1 error would appear.  The content switch was working as it showed the ADFS login page. After some digging it appeared to be caused by the fact that somewhere in the process, the ADFS was not addressed just by its hostname (i.e. sts.company.com), but had a port added to it (sts.company.com:443). As the content policy stated the hostname needed to be equal to "sts.company.com", there was no match with "sts.company.com:443", resulting in the HTTP1/1 error. Replacing the "Equal" condition with "Contains" solved the issue. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...