Jump to content
Welcome to our new Citrix community!


Grega Zoubek

Recommended Posts

Hello gurus...

we are trying to integrate Netscaler with DUO over OAUTH for "behind the scene" second factor authentication. LDAP as first factor and then we plan to do OAUTH call to DUO that will send push notification.

What we struggle with sending addtional attributes that DUO requires. In OAUTH Action on Netscaler Attribute field seem to be only for atribute extraction FROM JWT, not to add them. Is there any viable solution where we could insert addtional attributes that DUO requires into JWT?

F5 has very detailed how-tp procedure with iRules - and it works flawlessly.

Thank you very much for any insigts


P.S. SAML cannot be used as we do not want users to be redirected to DUO page

Link to comment
Share on other sites

Use case - After LDAP auth, user receives PUSH from DUO on his device

Specific attributes we need to send:

CleanShot2023-09-27at13_37.05@2x.thumb.png.ecf8c54caee9769de3a12c0c184101f3.pngMore you can find here:


F5 logic (if helps) - https://community.f5.com/t5/technical-articles/apm-configuration-to-support-duo-mfa-using-irule/ta-p/283971. We are trying to reverse engineer iRule, but this one is not so trivial...Most of configuration we can copy to OAUTH Action, but we get stuck at token attribute inclusion. Default jwt attributes are not enough, so we need to add some extra ones.

Thank you very much!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...