NFactor broke with error "No active policy during authentication."

[Jeff Riechers]

So I have a special nfactor setup in my lab built with my terraform that provides a dropdown list of authentication methods for LDAP, Azure SAML, Google, Okta, etc. I was testing out setting up FAS and updated my netscaler to the latest 14.1 build when out of nowhere the nfactor dies after selecting your policy. So I rolled back to my snapshot beforehand, re-applied the same terraform code, and it is still broken. I created a manual nfactor flow with my schemas and policies and they also don't work. I am trying to get details on where the failure is taking place, but I can't find anything in the logs, or in the web code that gives me any direction. I have included a copy of the scrubbed config if that helps.

[Hemang Raval]

Hello Jeff,

Error message "No active policy during authentication" indicates that no auth policy is being invoked. This means below expression is not being evaluated correctly:

"HTTP.REQ.BODY(500).AFTER_STR("domain=").CONTAINS("LDAP")"

Please check for case sensitivity here or check whether expression is right evaluated.

Thanks and regards,

Hemang

[Jeff Riechers]

Yup, that is what I thought. But it all lines up in the webcode.

[Hemang Raval]

Please raise issue with support. This will need log and Wireshark analysis for troubleshooting further.

[Jeff Riechers]

Well, I think I found the issue. I had enabled Login Encryption on the image to harden the environment. Once I changed that back it worked correctly.

[Dean Condrashoff]

I had this issue with 13.1 as well with the login encryption. I had to move away from using the "domain" id, and use the user name field instead. I then used a policy which checked the expression AAA.USER.NAME.CONTAINS("OTP"), after the user proceeded to auth they would input their actual user name and this field would be updated. I never had a chance to open a ticket on this issue as it was a one off problem and I couldn't wait for the support wheels to grind.