Jump to content

Netscaler login looping back to login page


Sukumar Andela

Recommended Posts

Hello Sukumar,

I have the same problem with 13.1_17.42. The problem occurs since the update from 12.1_55.18. I have also imported a second, new appliance. The configuration is clean and not complicated. We only use one gateway with nFactor authentication. In the backend is Storefront 1912.2. 
Problem:
Often after successful login, the login page is displayed again. It is the login web page of the gateway - not the one of the storefront. The problem only occurs with browsers - logins with the Workspace app always work.
I have compared the exports of cat aaad.debug on a successful and an unsuccessful login: The exports are identical!
So the authentications are always successful. But the redirection to the storefront website often gets stuck!
Sometimes just waiting helps - after 15min all of a sudden the login works, although the browser window was not closed. Mac's seem to be more sensitive than Windows clients. It also occurs with all browsers.
We haven't found a solution for this yet!
Does anyone have this problem as well? Does anyone have a solution?
Thanks.

 

The same problem is also described here:

https://www.reddit.com/r/Citrix/comments/tajjh4/intermittent_login_loop_via_citrix_gateway_adc_131/

Link to comment
Share on other sites

Thanks for your replies and ideas

 

We could able to find the solution , post up-gradation to  13.0.85.15 , we have this problem.

 

solution :

 

1. In the previous version we observed that "No Themes" configured on the VIP servers

2. When we configured "Default Theme" and applied the settings on both VIP servers , issue resolved.

 

Link to comment
Share on other sites

Hello Carl,
GSLB is not used. There are no IP conflicts either. The configuration also worked without errors until before the update.

 

The workaround from Sukumar to assign the "Default" theme has also fixed the problem for us. 

 

But the "Default" theme is a deprecated feature! It can't be the final solution. There seems to be a bug with the RfWebUI.

Link to comment
Share on other sites

  • 3 weeks later...

exact same problem here after upgrading to 13.1-21.50 from 13.0-83.27

 

aaad log shows that the login was successfull but users are looped back to the logon page

 

every other login works though, not every login is affected but all users are. I can login successfully 10 times but then it just starts to loop again. No errors in aaad

Link to comment
Share on other sites

  • 4 weeks later...
On 5/8/2022 at 3:45 PM, Thorsten Kruumlger said:

Hi Leon, can you check if you are using traffic policies? For us these were the problem. I removed the traffic policy and the binding to the gateway vserver and now login works for us with web browser and workspace app.

Hi Thorsten,

For us the Traffic Policy was not the cause. I have unbind the Traffic Policy and switched to RfWebUI theme but the login jumps back to the login page. Only when I select Default or X1 theme (I have not tried Greenbubble) the login works fine. ADC version is 13.1 17.42.

 

@Carl Stalhood:

Is it correct that Traffic Policies are no longer "necessary for StoreFront on newer builds of ADC 13.0"? This is what you mentioned on your blog.

Link to comment
Share on other sites

Hi all. I'm on a call with Citrix technical support now. This is a known issue. They're working on a permanent fix, but the temporary workaround is to override the session timeout on the Client Experience tab in session profiles bound to your Gateway vServer, and set the value to 720. 

  • Like 3
Link to comment
Share on other sites

  • 2 weeks later...
On 6/14/2022 at 3:28 AM, Jeroen Cuijon said:

Hi all. The fix for this will be available by Q3.

Hi, who gave you a Q3 date for a fix ?

I have been struggling with Citrix support over this for two weeks and it seems none of the known fix work (theme, override global timeout)

Also seeing different behavior with Workspace 1912 ltsr vs the latest one.

Issue is only with the Workspace for us, web is fine. We upgraded to 13.0.85.19 and it started immediately.

Link to comment
Share on other sites

On 6/17/2022 at 7:44 PM, Jocelyn Briere said:

Hi, who gave you a Q3 date for a fix ?

I have been struggling with Citrix support over this for two weeks and it seems none of the known fix work (theme, override global timeout)

Also seeing different behavior with Workspace 1912 ltsr vs the latest one.

Issue is only with the Workspace for us, web is fine. We upgraded to 13.0.85.19 and it started immediately.

 

Citrix provided the Q3 time windows for the fix. However there is a new build 13.0-86-17 out that has the following fix.

Quote

 

In a unified gateway setup, in rare cases you might be presented with a re-login page when accessing services behind the unified gateway even after the authentication is successful.

[ NSHELP-31148, NSHELP-27994 ]

 

 

I am currently waited on confirmation that this indeed is the fix. I just got confirmation that this is the fix.

Edited by Jeroen Cuijon
  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...

This login loop issue started for us with build 13.0-85.19 and it looks like build 13.0-86-17 and build-13.1-24.38 does not resolve it. If you use RfWebUI or custom themes with RADIUS authentication the only workaround seems to be overriding the session timeout to 720 on the Client Experience tab in the session profiles bound to the Gateway vServer; I am not sure why this works.

I did a bit of troubleshooting and changed the authentication profile to Okta or LDAP and the login loop did not occur with RfWebUI. Changing the theme to GreenBubble also fixed the issue with RADIUS.

Bottom line with these latest builds is there is still a login loop issue with RfWebUI and custom themes when using RADIUS authentication, I hope a permanent fix arrives before Q3.

 

 

  • Like 1
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...