Nils Kellgren
Posted January 20

Hi,

I have followed this guide: https://support.citrix.com/article/CTX234873/how-to-deploy-netscaler-as-both-oauth-sp-and-idp and set up my lab environment as both IdP and SP.

It all works: my browser redirects twice, first from the lbvs to the SP, then to the IdP, and I can successfully log in. I have bound an LDAP auth policy on the IdP AAA vserver to be able to log in.

However, after _exactly_ 1 hour of staying connected to the lbvs URL, I'm suddenly logged out and redirected to the SP logout URL (https://fqdn-of-sp/vpn/tmlogout.html).

And I see this in the ns.log:

Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4051 0 : "OAUTHIDP: Token API: Incoming code is <>, clientid <b4e7c310-bee2-4572-90fc-8d5ddd5135b1>, clientsecret: <> redirecturi: <>, grant <4> client_assertion <0> token <>"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4052 0 : "OAUTHIDP: Policy clientid matched: validating incoming redirect uri=<> with configured uri=<https://fqdn-of-sp/oauth/login>, type 4"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4053 0 : "OAUTHIDP: Policy clientsecret matched: token type 4"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4054 0 : "Artifact Store: Value absent in local cache"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4055 0 : "OAUTHIDP: Refresh Token ERROR: token <> not found"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4056 0 : "OAUTH RESP: ns_aaa_oauth_resp_handler, response code 400 is not 200 OK, bailing out "
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4057 0 : "OAUTHRP: RefreshToken: API failed or response size 0, user: <myusername>"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4058 0 : "Failed to refresh the token, logging out local session"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM LOGOUT 4059 0 : User myusername- Client_ip 192.168.0.1 - Nat_ip "Mapped Ip" - Vserver 192.168.0.230:443 - Start_time "01/19/2024:10:22:16 GMT" - End_time "01/19/2024:11:45:22 GMT" - Duration 01:23:06 - Http_resources_accessed 0 - Total_TCP_connections 0 - Total_policies_allowed 3 - Total_policies_denied 0 - Total_bytes_send 0 - Total_bytes_recv 0 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - LogoutMethod "Explicit" - Group(s) "N/A"

Any help, ideas or just inputs are appreciated.

Best Regards
Nils Kellgren
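The quoted log lines read, in order: the IdP receives a token request with grant <4> and an empty token value (message 4051), finds no refresh token under that value (4055), the SP side sees the 400 response (4056, 4057), and the SP then logs the local session out (4058, 4059). As an added example, not code from the post or from Citrix, here is a small Python parser that runs over those lines and tags each AAATM LOGOUT record with whether a refresh-token failure was logged a few seconds before it, so refresh-driven logouts can be separated from ordinary ones when reviewing ns.log. The regexes, the five-second correlation window and the second, contrasting LOGOUT record for a constructed user otheruser are assumptions of the example.

```python
import re
from datetime import datetime

# Constructed sample: the ns.log lines quoted in the post above (the wrapped
# message 4057 joined onto one line), plus one constructed LOGOUT record for
# "otheruser" with no preceding refresh failure, included for contrast.
SAMPLE_LOG = """\
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4051 0 : "OAUTHIDP: Token API: Incoming code is <>, clientid <b4e7c310-bee2-4572-90fc-8d5ddd5135b1>, clientsecret: <> redirecturi: <>, grant <4> client_assertion <0> token <>"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4052 0 : "OAUTHIDP: Policy clientid matched: validating incoming redirect uri=<> with configured uri=<https://fqdn-of-sp/oauth/login>, type 4"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4053 0 : "OAUTHIDP: Policy clientsecret matched: token type 4"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4054 0 : "Artifact Store: Value absent in local cache"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4055 0 : "OAUTHIDP: Refresh Token ERROR: token <> not found"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4056 0 : "OAUTH RESP: ns_aaa_oauth_resp_handler, response code 400 is not 200 OK, bailing out "
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4057 0 : "OAUTHRP: RefreshToken: API failed or response size 0, user: <myusername>"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4058 0 : "Failed to refresh the token, logging out local session"
Jan 19 11:45:22 <local0.info> 192.168.0.130 01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM LOGOUT 4059 0 : User myusername- Client_ip 192.168.0.1 - Nat_ip "Mapped Ip" - Vserver 192.168.0.230:443 - Start_time "01/19/2024:10:22:16 GMT" - End_time "01/19/2024:11:45:22 GMT" - Duration 01:23:06 - Http_resources_accessed 0 - Total_TCP_connections 0 - Total_policies_allowed 3 - Total_policies_denied 0 - Total_bytes_send 0 - Total_bytes_recv 0 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - LogoutMethod "Explicit" - Group(s) "N/A"
Jan 19 12:03:10 <local0.info> 192.168.0.130 01/19/2024:12:03:10 GMT ns-01 0-PPE-0 : default AAATM LOGOUT 4060 0 : User otheruser- Client_ip 192.168.0.2 - Nat_ip "Mapped Ip" - Vserver 192.168.0.230:443 - Start_time "01/19/2024:11:50:00 GMT" - End_time "01/19/2024:12:03:10 GMT" - Duration 00:13:10 - Http_resources_accessed 0 - Total_TCP_connections 0 - Total_policies_allowed 3 - Total_policies_denied 0 - Total_bytes_send 0 - Total_bytes_recv 0 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - LogoutMethod "Explicit" - Group(s) "N/A"
"""

# Assumed line layout: syslog prefix, source IP, NetScaler timestamp + zone,
# hostname, packet engine, then "default <module> <kind> <msgid> 0 : <body>".
HEADER_RE = re.compile(
    r"^\w{3} +\d+ \d\d:\d\d:\d\d <[^>]+> \S+ "
    r"(?P<ts>\d\d/\d\d/\d{4}:\d\d:\d\d:\d\d) \w+ \S+ \S+ : default "
    r"(?P<module>\w+) (?P<kind>\w+) (?P<msgid>\d+) \d+ : (?P<body>.*)$"
)

# Message texts from the post that mark the refresh exchange as having failed.
REFRESH_FAILURE_MARKERS = (
    "OAUTHIDP: Refresh Token ERROR",
    "OAUTHRP: RefreshToken: API failed",
    "Failed to refresh the token",
)


def parse_ts(value):
    """Parse the NetScaler MM/DD/YYYY:HH:MM:SS timestamp (zone suffix already dropped)."""
    return datetime.strptime(value, "%m/%d/%Y:%H:%M:%S")


def parse_logout(body):
    """Extract the fields of interest from an AAATM LOGOUT record body."""
    def field(pattern):
        m = re.search(pattern, body)
        return m.group(1).strip() if m else None

    return {
        "user": field(r"\bUser (.+?)-? Client_ip"),
        "client_ip": field(r"Client_ip (\S+)"),
        "start": parse_ts(field(r'Start_time "([^" ]+)')),
        "end": parse_ts(field(r'End_time "([^" ]+)')),
        "duration": field(r"Duration (\d+:\d\d:\d\d)"),
        "method": field(r'LogoutMethod "([^"]+)"'),
    }


def find_refresh_driven_logouts(log_text, window_seconds=5):
    """Walk the log in order and tag each LOGOUT with whether a refresh-token
    failure was logged within window_seconds before it."""
    findings = []
    last_failure = None  # timestamp of the most recent refresh-failure message
    for line in log_text.splitlines():
        m = HEADER_RE.match(line)
        if not m:
            continue
        ts = parse_ts(m["ts"])
        body = m["body"].strip().strip('"')
        if m["kind"] == "Message":
            if any(marker in body for marker in REFRESH_FAILURE_MARKERS):
                last_failure = ts
            continue
        if m["kind"] != "LOGOUT":
            continue
        rec = parse_logout(body)
        recent = (last_failure is not None
                  and 0 <= (ts - last_failure).total_seconds() <= window_seconds)
        rec["cause"] = "refresh_token_failure" if recent else "other"
        rec["session_seconds"] = int((rec["end"] - rec["start"]).total_seconds())
        rec["logout_at"] = ts
        findings.append(rec)
        last_failure = None  # one failure explains at most one logout
    return findings


if __name__ == "__main__":
    for f in find_refresh_driven_logouts(SAMPLE_LOG):
        print(f"{f['logout_at']:%H:%M:%S} user={f['user']} "
              f"session={f['duration']} cause={f['cause']}")
```

Run as a script it prints one line per LOGOUT record; the session for myusername is tagged refresh_token_failure and the contrasting one is tagged other. The same functions can be fed a real ns.log read from disk, and the session_seconds field makes it easy to check whether every refresh-driven logout lands at the same session age.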