Jeff Riechers Posted December 11, 2023

So I have a special nFactor setup in my lab built with my Terraform that provides a dropdown list of authentication methods for LDAP, Azure SAML, Google, Okta, etc. I was testing out setting up FAS and updated my NetScaler to the latest 14.1 build when out of nowhere the nFactor dies after selecting your policy. So I rolled back to my snapshot beforehand, re-applied the same Terraform code, and it is still broken. I created a manual nFactor flow with my schemas and policies and they also don't work. I am trying to get details on where the failure is taking place, but I can't find anything in the logs, or in the web code that gives me any direction. I have included a copy of the scrubbed config if that helps.

Hemang Raval Posted December 11, 2023

Hello Jeff,

Error message "No active policy during authentication" indicates that no auth policy is being invoked. This means the expression below is not being evaluated correctly:

"HTTP.REQ.BODY(500).AFTER_STR("domain=").CONTAINS("LDAP")"

Please check for case sensitivity here or check whether the expression is evaluated correctly.

Thanks and regards,
Hemang

Jeff Riechers (Author) Posted December 11, 2023

Yup, that is what I thought. But it all lines up in the webcode.

Hemang Raval Posted December 11, 2023

Please raise an issue with support. This will need log and Wireshark analysis for troubleshooting further.

Solution: Jeff Riechers (Author) Posted December 12, 2023

Well, I think I found the issue. I had enabled Login Encryption on the image to harden the environment. Once I changed that back it worked correctly.

Dean Condrashoff Posted December 13, 2023

I had this issue with 13.1 as well with the login encryption. I had to move away from using the "domain" id, and use the user name field instead. I then used a policy which checked the expression AAA.USER.NAME.CONTAINS("OTP"); after the user proceeded to auth, they would input their actual user name and this field would be updated. I never had a chance to open a ticket on this issue as it was a one-off problem and I couldn't wait for the support wheels to grind.