
NS setup as oauth idp refresh token issue



Hi

 

I have followed this guide: https://support.citrix.com/article/CTX234873/how-to-deploy-netscaler-as-both-oauth-sp-and-idp

And set up my lab environment as both IdP and SP. It all works: my browser redirects twice, first from the lbvs to the SP, then to the IdP, and I can successfully log in. I have bound an LDAP auth policy to the IdP AAA vserver to be able to log in.

 

However, after _exactly_ 1 hour of staying connected to the lbvs URL, I'm suddenly logged out and redirected to the SP logout URL (https://fqdn-of-sp/vpn/tmlogout.html).

 

And I see this in the ns.log:

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4051 0 :  "OAUTHIDP: Token API: Incoming code is <>, clientid <b4e7c310-bee2-4572-90fc-8d5ddd5135b1>, clientsecret: <> redirecturi: <>, grant <4> client_assertion <0> token <>"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4052 0 :  "OAUTHIDP: Policy clientid matched: validating incoming redirect uri=<> with configured uri=<https://fqdn-of-sp/oauth/login>, type 4"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4053 0 :  "OAUTHIDP: Policy clientsecret matched: token type 4"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4054 0 :  "Artifact Store: Value absent in local cache"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4055 0 :  "OAUTHIDP: Refresh Token ERROR: token <> not found"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4056 0 :  "OAUTH RESP: ns_aaa_oauth_resp_handler, response code 400 is not 200 OK, bailing out "

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4057 0 :  "OAUTHRP: RefreshToken: API failed or response size 0, user: <myusername>"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4058 0 :  "Failed to refresh the token, logging out local session"

Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM LOGOUT 4059 0 :  User myusername- Client_ip 192.168.0.1 - Nat_ip "Mapped Ip" - Vserver 192.168.0.230:443 - Start_time "01/19/2024:10:22:16 GMT" - End_time "01/19/2024:11:45:22 GMT" - Duration 01:23:06  - Http_resources_accessed 0 - Total_TCP_connections 0 - Total_policies_allowed 3 - Total_policies_denied 0 - Total_bytes_send 0 - Total_bytes_recv 0 - Total_compressedbytes_send 0 - Total_compressedbytes_recv 0 - Compression_ratio_send 0.00% - Compression_ratio_recv 0.00% - LogoutMethod "Explicit" - Group(s) "N/A"

 

Any help, ideas or just inputs are appreciated.

Best Regards

Nils Kellgren
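The log excerpt above shows the sequence a practitioner would want to check automatically: the SP's refresh request (message 4051) reaches the IdP with an empty `token <>` parameter, the IdP's artifact store has nothing to look up (4054/4055), and the SP then tears down the local session (4058/4059). The block below is an added example, not code from the post or from Citrix: a small parser for ns.log lines in the format quoted above, plus a check that pairs each "Refresh Token ERROR" with the preceding Token API request and the LOGOUT that follows it, and reports whether the refresh token the SP sent was empty. The sample lines are a constructed, shortened copy of the lines in the post; the regexes are written against that format only and the grant number is reported as logged, not interpreted.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: copies of the ns.log lines quoted in the post above, with the
# long LOGOUT record shortened to the fields the check uses.
SAMPLE_LOG = '''\
Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4051 0 :  "OAUTHIDP: Token API: Incoming code is <>, clientid <b4e7c310-bee2-4572-90fc-8d5ddd5135b1>, clientsecret: <> redirecturi: <>, grant <4> client_assertion <0> token <>"
Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4053 0 :  "OAUTHIDP: Policy clientsecret matched: token type 4"
Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4054 0 :  "Artifact Store: Value absent in local cache"
Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAA Message 4055 0 :  "OAUTHIDP: Refresh Token ERROR: token <> not found"
Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM Message 4058 0 :  "Failed to refresh the token, logging out local session"
Jan 19 11:45:22 <local0.info> 192.168.0.130  01/19/2024:11:45:22 GMT ns-01 0-PPE-0 : default AAATM LOGOUT 4059 0 :  User myusername- Client_ip 192.168.0.1 - Nat_ip "Mapped Ip" - Vserver 192.168.0.230:443 - Start_time "01/19/2024:10:22:16 GMT" - End_time "01/19/2024:11:45:22 GMT" - Duration 01:23:06  - LogoutMethod "Explicit"
'''

NS_TS = '%m/%d/%Y:%H:%M:%S'

# NetScaler's own timestamp, host, packet engine, feature, module, record kind,
# message id, and the free-text body after the second " : ".
LINE_RE = re.compile(
    r'(?P<ts>\d{2}/\d{2}/\d{4}:\d{2}:\d{2}:\d{2}) GMT (?P<host>\S+) (?P<ppe>\S+) : '
    r'(?P<feature>\S+) (?P<module>\S+) (?P<kind>\S+) (?P<msgid>\d+) \d+ :\s+(?P<body>.*)$'
)
# Fields of the OAUTHIDP "Token API" request line that matter for a refresh.
TOKEN_API_RE = re.compile(
    r'OAUTHIDP: Token API: .*?clientid <(?P<clientid>[^>]*)>'
    r'.*?grant <(?P<grant>\d+)>.*?token <(?P<token>[^>]*)>'
)
# Fields of the AAATM LOGOUT record used to name the user and size the session.
LOGOUT_RE = re.compile(
    r'User (?P<user>.+?)- Client_ip (?P<client_ip>\S+) .*?'
    r'Start_time "(?P<start>[^"]+)" - End_time "(?P<end>[^"]+)"'
)


def parse_ns_log(text):
    """Return one dict per recognised ns.log line; unrecognised lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        ev = m.groupdict()
        ev['ts'] = datetime.strptime(ev['ts'], NS_TS)
        ev['msgid'] = int(ev['msgid'])
        body = ev['body'].strip()
        if body.startswith('"') and body.endswith('"'):  # Message bodies are quoted
            body = body[1:-1]
        ev['body'] = body
        events.append(ev)
    return events


def find_refresh_failures(events, window=timedelta(seconds=5)):
    """Pair each 'Refresh Token ERROR' with the Token API request just before it and
    the LOGOUT just after it, so the report shows what the SP actually sent."""
    findings = []
    for i, ev in enumerate(events):
        if 'Refresh Token ERROR' not in ev['body']:
            continue
        request = None
        for prev in reversed(events[:i]):           # nearest earlier Token API line
            if ev['ts'] - prev['ts'] > window:
                break
            m = TOKEN_API_RE.search(prev['body'])
            if m:
                request = m.groupdict()
                break
        logout = None
        for nxt in events[i + 1:]:                  # nearest later LOGOUT record
            if nxt['ts'] - ev['ts'] > window:
                break
            if nxt['kind'] == 'LOGOUT':
                m = LOGOUT_RE.search(nxt['body'])
                if m:
                    logout = m.groupdict()
                    break
        finding = {
            'ts': ev['ts'],
            'msgid': ev['msgid'],
            'grant': request['grant'] if request else None,
            'clientid': request['clientid'] if request else None,
            # An empty <> means the SP's refresh request carried no refresh token,
            # so the IdP had nothing to look up in its artifact store.
            'empty_refresh_token': request is not None and request['token'] == '',
            'forced_logout': logout is not None,
            'user': logout['user'] if logout else None,
            'session_length': None,
        }
        if logout:
            start = datetime.strptime(logout['start'].replace(' GMT', ''), NS_TS)
            end = datetime.strptime(logout['end'].replace(' GMT', ''), NS_TS)
            finding['session_length'] = end - start
        findings.append(finding)
    return findings


if __name__ == '__main__':
    for finding in find_refresh_failures(parse_ns_log(SAMPLE_LOG)):
        print(finding)
```

Run against a real ns.log the check will list every refresh failure with the client id and grant as logged, whether the token parameter was empty, and the length of the session that was torn down; a run of findings that all show `empty_refresh_token: True` points at the SP-side request rather than at token expiry on the IdP.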
