Jump to content
Welcome to our new Citrix community!

OAuth Authorization Header is removed on first request


Recommended Posts

Hello,

we do oauth for our application. The ADC should only do token validation and then forward the token to the webserver.

We see the issue that the token validation works well, but the first request to the webserver doesnt contain the Authorization bearer token. The second request then is fine.

I find this article: https://support.citrix.com/article/CTX225084

But this removes the authorization bearer header completly. But out webserver needs the header.

 

Any ideas to fix it? Our release is 13.0 build 83

Link to comment
Share on other sites

Hello Stefan,

 

I've written a Blogpost about this so the authorization bearer header isn't removed and send to your webserver successfully. The commands are also able to use as a AAA traffic action for binding this to your LB Webserver vServer on ADC. https://www.julianjakob.com/citrix-adc-ssl-vpn-is-breaking-sso-to-oauth-based-webapps/ 

 

Best Regards

Julian

Link to comment
Share on other sites

2 minutes ago, Julian Jakob said:

Hello Stefan,

 

I've written a Blogpost about this so the authorization bearer header isn't removed and send to your webserver successfully. The commands are also able to use as a AAA traffic action for binding this to your LB Webserver vServer on ADC. https://www.julianjakob.com/citrix-adc-ssl-vpn-is-breaking-sso-to-oauth-based-webapps/ 

 

Best Regards

Julian

 

Hi Julian,

 

thanks for your post. The informations are the same as in the citrix article. If i create the traffic policy, the authorization header is also missing. And the second and further requests also missed the Authorization header.

 

Link to comment
Share on other sites

2 hours ago, Julian Jakob said:

Did you used lower prio so it's getting hits? I've used these commands for a few webserver deployments which are using the bearer constantly - and it's working fine.

I have only one traffic policy. 
 

perhaps it makes a difference, I use a lb vserver for publishing my webserver instead a vpn gateway. 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...