Jump to content
Welcome to our new Citrix community!

URL Is Promptig for authentication popup


Recommended Posts

Hi All,

 

Hope you all are doing great!

 

When i try to access URL it is prompting for authentication , but i have not configured any Authentication on LB VIP.

 

When we bypass LB VIP and try to directly access URL then i don't get authentication popup. Its only come when we try to access it via LB.

 

Can you please help me in fixing this out. I do not want authentication popup.

 

Regards,

shekhars.

Link to comment
Share on other sites

The adc will only prompt for authentication, if authentication is enabled...here are a few things to verify to see if authentication is actually enabled:

 

Are you using an LB vserver or is it an lb vserver behind a cs vserver?

If so, did you check to see if either the lb vserver or cs vserver have authentication enabled and either an fqdn (form-based or 401-based) or authentication profile specified. (If you have authentication unchecked, but still have settings or a profile associated, weird things can occur).  If the ADC is prompting for authentication, which method are you seeing: a path on /tmindex.htm or a browser-based pop-up window for 401-based.

show ns runningconfig | grep <lb vserver name>

show ns runningconfig | grep <cs vserver name>

show ns runningconfig | grep <authentication vserver name>

 

Are your users accessing the lb vserver directly or is it going through a vpn vserver that could also be imposing authentication?

Is there by any chance a responder policy or backup vserver specified that might be performing a redirect to a page that requires authentication?

If you clear cookies/cache do you get an authentication prompt on your bypass user (if so, then it is some other point prompting for credentials) such as proxy or the backend web site.

 

Can you confirm your fqdn resolves to the correct VIP that matches the lb vserver vip (and port) that you are expecting.

 

Link to comment
Share on other sites

Hi Rhonda,

 

Thanks for your reply.

 

Are you using an LB vserver or is it an lb vserver behind a cs vserver?
Its just a LB V server. At LB Server we have not configured any Authentication

Its a browser based pop-up window for 401-based.

Users are accessing it directly.No there is no responder policy or backup vserver configured.

We cleared cookied and tried results same for bypass user.

Yes FQDN resolves to correct IP, which matches to lb vip and port.

 

Regards,

shekhars

Link to comment
Share on other sites

Is there any other proxy in the mix for external users, because if you look on the lb vserver and its authentication is disabled and neither form-based, 401-based, or an authen profile is set, and you are sure it isn't behind a cs vserver or accessed via the gateway/vpn vserver as a clientless vpn or something...then the ADC can't be doing the authentication.

 

Unless I'm forgetting something really obvious.

Link to comment
Share on other sites

I agree that under similar test conditions, I would be looking at the load balancer first too.  

 

Can you show your lb vserver running config? (Feel free to sanitize name/ips)

show ns runningconfig | grep <lb_vsrv_name> -i

 

This will show the lb settings AND any  other features that reference this lb vserver. 

 

You may have to run a trace or have the web team look at the web server/web app config for any unexpected settings.  Hopefully, someone else will have a recommendation if we still don't find anything.

Link to comment
Share on other sites

Below is the output, not sure where it is prompting,

 

> show ns runningconfig | grep LB_VSERVER_SSL -i
add lb vserver LB_VSERVER_SSL SSL 1.1.1.1 443 -persistenceType SOURCEIP -cltTimeout 180 -appflowLog DISABLED
bind lb vserver LB_VSERVER_SSL service group
bind ssl vserver LB_VSERVER_SSL -certkeyName CERT.ABC.COM_2020
bind ssl vserver LB_VSERVER_SSL -eccCurveName P_256
bind ssl vserver LB_VSERVER_SSL -eccCurveName P_384
bind ssl vserver LB_VSERVER_SSL -eccCurveName P_224
bind ssl vserver LB_VSERVER_SSL -eccCurveName P_521

>

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...