Issue with ADC 12.1 + Okta SAML + RFWebUI portal theme



Here is my story:

 

Currently running on production a pair of SDXs which are end of life (only one appliance per SDX, so total overkill). Moving to VPX on VMware with pooled CPU licenses.

 

The current production version of ADC is 12.0 57.19, with Okta as SAML IDP and LDAP secondary auth to do group extraction for AAA group VPN session policies.  Everything works.

 

To move to pooled CPU licenses I have upgraded a test ADC to latest 12.1 55.13.  License applied, all good.

 

However, now after authentication with Okta, I get the client choices page as expected by session policy. When selecting Network access I get the message: "The client is not capable of connecting to this server. please contact your helpdesk."

 

If I just use LDAP as primary then it works.  

 

If I change the Portal theme to default, Greenbubble or X1 then it works.

 

So it seems that there is an issue with SAML + RFWebUI.  Does anyone have any ideas?  I have a ticket logged with Citrix support but it is painfully slow going.  Wondered if the community had any clues?

 

- Tried less 'new' versions of 12.1 & 12.0 and get the same behaviour

- Tried spinning up a brand new VPX that has the most basic amount of config on and get the same behaviour.

 

We are using basic authentication policies here, would there be any merit switching these to advanced?

 

Glad to receive any advice, getting twitchy about running on old EOL tin.

 


This article might be related: https://support.citrix.com/article/CTX227309 (though I know it's an older version)

You saw that another theme would work, but have you tried configuring your Okta + LDAP as an nFactor policy (or have you tried that and it's still not working)?

 

I don't know if there is any other way to work around this with RFWEBUI or if you would have to use another theme.


On 1/15/2020 at 4:48 PM, Rhonda Rowland1709152125 said:

This article might be related: https://support.citrix.com/article/CTX227309 (though I know it's an older version)

You saw that another theme would work, but have you tried configuring your Okta + LDAP as an nFactor policy (or have you tried that and it's still not working)?

 

I don't know if there is any other way to work around this with RFWEBUI or if you would have to use another theme.

 

On 1/15/2020 at 6:34 PM, Roman Dario Lemes Gonzalez said:

Hello, 

 

As Rhonda said. I will give it a try with nFactor with AAA vserver and see if still same behavior. If so, open a ticket with tech support because it’s most likely a bug unless a non-supported config I’m not aware of. 
 

thanks

 

Thanks.  I have tried AAA vServer today and I see the same behaviour.  Ticket has been escalated within Citrix support so will see what that brings.
