Jump to content
Welcome to our new Citrix community!

Citrix ADC 13.0 85.19 Workspace App Login Loop


gmichae659

Recommended Posts

Upgraded our VPX appliances from 13.0 84.11 to 13.0 85.19 and suddenly our Citrix Workspace App users started receiving login loops. 

Authentication seems to be working fine, verified with instructions in https://support.citrix.com/article/CTX114999

Checking within ADM, Gateway Insight, we see errors such as "Single Sign ON Failed" in Error Description.  Sometimes the SSO Method column also shows a value of "AG Basic"

Login via Web also intermittently fails, but it seems that when using a browser Incognito/Private session seems to work.

 

This issue appears to be the same as in https://discussions.citrix.com/topic/415950-netscaler-login-looping-back-to-login-page/ but removing the Traffic policy does not address this issue.  Changing the theme from a custom RfWebUI to the default one, did not work either.

 

Still early in the investigation (and working with Citrix support), but is anyone else experiencing issues with this version?

 

Thank you

Link to comment
Share on other sites

1 hour ago, Carl Stalhood1709151912 said:

Try turning off HSTS in the SSL Profile.

a. Duplicated the SSL Profile, and unchecked HSTS.  Used a Rewrite policy instead to implement HSTS.  This did not work.

b. Duplicated the SSL Profile, and unchecked HSTS.  Removed the HSTS Rewrite policy.  This also did not work.

 

This is occurring on the other sites.  I am thinking of downgrading a node in a minor site for testing.

Link to comment
Share on other sites

We see the same issues and did a lot of thesting regarding session policy, traffic policy, SSL/HSTS but the only solution we found is to use another theme. They all work except RFWebui. ... but this isn't a solution because they are all deprecated. We will try a downgrade today and opened a Citrix case.

Link to comment
Share on other sites

6 hours ago, Markus Benczak said:

We see the same issues and did a lot of thesting regarding session policy, traffic policy, SSL/HSTS but the only solution we found is to use another theme. They all work except RFWebui. ... but this isn't a solution because they are all deprecated. We will try a downgrade today and opened a Citrix case.

Peformed a quick test (will need to test a bit more) and it seems to work when using our previous X1 custom theme.  Good catch Markus. 
Will update our existing Citrix case with this information.

Link to comment
Share on other sites

6 hours ago, Markus Benczak said:

We see the same issues and did a lot of thesting regarding session policy, traffic policy, SSL/HSTS but the only solution we found is to use another theme. They all work except RFWebui. ... but this isn't a solution because they are all deprecated. We will try a downgrade today and opened a Citrix case.

Hi Markus, did you by any chance try to re-create a new RfWebUI theme?
Also, in the past, there were issues with themes during upgrades, some had missing files, and in some instances you had to run a command to fix the issue.

But hopefully we will get an answer from support.

Link to comment
Share on other sites

Hi, I had also some logon loops after updating to 13.1 21.50

 

Setting a session timeout in a session profile which overwrites the default solved the issue. I think there is a bug in the default session timeout which is facing some loops in session lifetime. It could be the same here, too.

 

Regards

Julian

  • Like 1
Link to comment
Share on other sites

  • 2 weeks later...
  • 1 month later...
On 6/20/2022 at 4:43 PM, Jocelyn Briere said:

Citrix just released this build today that seems to fix this as per the releases notes.

Citrix ADC Release (Maintenance Phase) 13.0 Build 86.17

 

Which one should include the fix in 13.0 86.17? I'm not sure if it's fixed

 

- In a unified gateway setup, in rare cases you might be presented with a re-login page when accessing services behind the unified gateway even after the authentication is successful.

[ NSHELP-31148, NSHELP-27994 ]

 

Known Issues:

 

- Sometimes, a user is logged out of Citrix Gateway within a few seconds when the client idle timeout is set.

[ NSHELP-28404 ]

 

Link to comment
Share on other sites

  • 2 weeks later...
  • 3 weeks later...
On 6/1/2022 at 7:44 AM, gmichae659 said:

Upgraded our VPX appliances from 13.0 84.11 to 13.0 85.19 and suddenly our Citrix Workspace App users started receiving login loops. 

Authentication seems to be working fine, verified with instructions in https://support.citrix.com/article/CTX114999

Checking within ADM, Gateway Insight, we see errors such as "Single Sign ON Failed" in Error Description.  Sometimes the SSO Method column also shows a value of "AG Basic"

Login via Web also intermittently fails, but it seems that when using a browser Incognito/Private session seems to work.

 

This issue appears to be the same as in https://discussions.citrix.com/topic/415950-netscaler-login-looping-back-to-login-page/ but removing the Traffic policy does not address this issue.  Changing the theme from a custom RfWebUI to the default one, did not work either.

 

Still early in the investigation (and working with Citrix support), but is anyone else experiencing issues with this version?

 

Thank you

Hello,

Have you made any progress ?

We see the same errors in ADM and are also experiencing the login loop.

We have a case opened and eng + Workspace + ADC team are looking at debug logs + fiddler traces from Workspace.

Timeout seems not to work as users can often restart applications without a login. Long after the set timeout should have kicked in.

At times we have had users getting someone else session, this looping issue happens mostly if not only with the Workspace.

Link to comment
Share on other sites

On 8/8/2022 at 5:25 AM, Henrik Christensen1709154275 said:

13.0 86.17 seems to have the same issue, adjusting client idle timeout does not fix it.

Correct, see my post above. We are on 86.17 and that upgrade didnt solve it. All started when we went from 12.1 to 13.x.

Not cool at all...

Link to comment
Share on other sites

  • 1 month later...

Hi,

not sure if this is the same thing but I’m seeing a similar behavior with browser logins on thin clients.

They are configured to start a firefox (or chromium) in private mode to access only the gateway website. After login (ldap+radius) users are redirected back to login page (successful login in aaa.debug log)

I can reproduce the issue on my windows pc with Firefox in private mode.

The funny part: every 10th or so login attempt goes through, seems to be a timing issue.

 

I was able to find a workaround with chromium in non-private mode on the thin clients for now.

I will test different login themes as soon as I get some time.

 

Cheers

Michael

Link to comment
Share on other sites

  • 2 weeks later...

So after 3+ months and many escalations to the dev team Citrix finally found the issue and came out with a solution. 

They found out that some javascript files were wrong and the code needed to be corrected.

Support provided us with new webview_complete_browser and webview_complete_native files.

Upon applying those new files all the login loop stopped immediately without needing to do anything else.

Support told us that these changes would be available on the next release as it was definitely a bug with the Workspace and ADC.

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...