Jump to content
Welcome to our new Citrix community!

AAA - Reverse Proxy Authentication - Android Tablet / Spinning Circle

Paul Cross

Recommended Posts



Having a really strange issue, Configured reverse proxy via a Content Switch which includes a AAA vServer for authentication. The webapp (webapp.domain.com) redirects the user to (aaa.domain.com) for authentication before being redirected back. Authentication uses 2FA via Citrix Push notifications,


The problem is on certain devices when the webapp redirects to the AAA server it sits at the NetScaler AAA page with a spinning circle.



Win 10 laptop - working

My phone (Android 10) - working

iPad - working

Company tablet (Android 8)  - not working

Random unmanaged phone (Android 9)  - not working


I've narrowed it down to being the Advanced Authentication policies. If I use a basic LDAP policy all works on all devices. If I change to advanced and bind just the LDAP policy the problem returns.


I've tried different themes, logon schemas, etc.


Anyone any suggestions? The ADC is running the 13.0 47.24 release.


Regards. Paul.


Link to comment
Share on other sites

Been doing some testing this morning. I've noticed something a little strange between working and non-working devices. If I run trace on the NetScaler comparing working vs not they are the same up to the final step.


On the attached you can see the working client makes a POST request to /cgi/GetAuthMethods. Following the reply it then does a POST to /nf/auth/getAuthenticationRequirements.do




The non-working device makes the first POST but following the reply doesn't make the POST to  /nf/auth/getAuthenticationRequirements.do


Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...