Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
804
Views
0
Helpful
1
Replies

Steps missing - Duo for NetScaler Web

Rathelm80
Level 1
Level 1

‎10-14-2024 08:59 AM

Just an FYI for anyone else trying to secure Netscaler with the newer application protections. The guide is missing a couple of critical steps. The nFactor flow won't always send the proper password credentials to the Storefront causing an error of unable to connect. The logs will show:

 

CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed. The credentials supplied were; user: test domain: test

 

To fix this, inside of the login schema that it asks you to create you need to add a couple more variables:

User Credential Index: 1

Password Credential Index: 2

Then you need to make a traffic policy and define:

SSO User Expression: HTTP.REQ.USER.ATTRIBUTE(1)

SSO Password Expression: HTTP.REQ.USER.ATTRIBUTE(2)

Apply the traffic policy to the Virtual Server and it should then properly send the correct password to the storefront.

Hope this helps someone.

0 Helpful
1 Reply 1

DuoKristina
Cisco Employee
Cisco Employee

‎10-21-2024 01:45 PM

We've had some customers report they had issues with StoreFront logins after completing primary and secondary auth. We've been in touch with our technical partner contacts at NetScaler, and have put their suggestions into https://help.duo.com/s/article/9044. They indicated they are investigating why this is an issue.

Duo, not DUO.
0 Helpful
Quick Links
     
                  Duo Release Notes   Duo Discussion Forums      
 
 
Customers Also Viewed These Support Documents