Jump to content
Welcome to our new Citrix community!

Citrix ADC 13.1 nfactor authenticatin prefil username from user certificate after EPA device certificate scan.

Citrix KU

Recommended Posts


I please for help,


I have netscaler version 13.1 12.51. I need to authenticate against citrix netscaler gateway AAA nfactor in three steps.

The flow is following:

1) EPA scan for device certificate

2) user certificate authentication

3) LDAp authentication


In third step i need to prefil username from step 2). So from user certificate. But the prefiled username is Anonymous. I have set up client cert as twofactor, so ON option is selected by two factor authentication. Also I have set up Subject E: to prefill email to username field. I tried several fields, no one was functional. In XML in LDAP auth schema i wrote <InitialValue>${aaa.user.name}</InitialValue>...


I think basic set up is in place. the problem, as I see it is probably in control which username to put in LDAP third factor. In log i can see that CN from device certifiate is extracted. But later I can see in log that Anonymous was extracted. I can also tell that if no EPA scan is configured then correct username is prefiled from user certificate. Except epa in such case is configuration the same...


Do you know if this is just some sort of bug or how can I control from where username is prefilled to LDAP authentication?





Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...