Citrix ADC – Issue with re-login on Unified – Gateway, when AuthenticationHost is configured with the same FQDN for a bookmarked LB backend

To resolve this, please make sure the cookies involved in the LoadBalancer – Authentication Vserver flow does not interferes with UnifiedGateway flow. This can be achieved by reconfiguring the AuthenticationVserver on a different FQDN than that of UnifiedGateway.

Depending upon how the Authentication for LoadBalancer is configured, this can be changed by where the AuthenticationHost is mentioned

Configuration :

Using CLI:

For Authentication Profile

> set authentication authnProfile authProf -authenticationHost sample.com

> sh authentication authnProfile authProf

1) Name: authProf

Authentication vserver: abs_auth_vs

Authentication vserver FQDN: sample.com

Authentication Domain:

Authentication Level: 0


For LoadBalancer Vserver

> add lb vserver lb_443 SSL IP 443 -authentication ON -authenticationhost sample.com

Related:

  • No Related Posts

During New MAM Enrollment End User Receives – “An error occurred. The enrollment will stop”

During enrollment MDM proceeds successfully, but the MAM enrollment fails with “An error occurred. The enrollment will stop”.

On Android you may experience the following:

Enrollment will successfully complete, however Secure Hub is enrolled only in MDM mode not MAM.

Scenarios that Identify failed enrollments:

  • If PIN authentication is enabled, the user is not prompted to enter the PIN and Secure Hub prompts the following error: “Secure Hub has stopped”
  • The only option displayed is “Home” within Secure Hub. The options such My Apps and Store are not displayed.

Related:

Force authenticate when all authentication realm failed.

I need a solution

Hello,

Guys 

It is possible to force authenticate user to visit website with any option ( on policy) through the proxysg when all authentication realm failed. We have been using two authentication realm such as windows sso, iwa. If those authentications will failed then could users force authenticate to visit website with any options ? 

Web authentication layer1

Source Destination Action Track Comment
Any Any Windows SSO authentication and PermitAuthenticationError None  
Web authentication layer2

Source Destination Action Track Comment
Any User authentication Erros schema(http,https) Guest authentication ( IWA ) None  
SSL Access Layer

Source Destination Service Action Track Comment
david@example.com facebook.com Any Allow None  
Any office.com Any Allow None  
0

Related:

  • No Related Posts

Weblogging client (NSWL) login unsuccessful with nsroot account

Authentication for NSWL happens in following order:

1. If credential corresponds to local system user,

a. If ‘externalAuth’ corresponding to that system user turned off then authentication happens locally.
b. Otherwise we do external authentication.

2. Otherwise user is authenticated by external authentication servers.[this is checked based on whether any ‘authentication policies’ are bound to ‘system global’

3.If external authentication servers are not reachable (or no external auth servers present), we fallback to local authentication.

Related:

  • No Related Posts

MFA authentication for administrators of Bluecaor ProxySG

I need a solution

Hi Techies,

We need to configure MFA authentication for administrators of Bluecoat proxySG.

Please confirm can we configure MFA authentication for administrators on proxy server, If yes please provide us steps/Procedure for the same.

Any lead much appriciated.

Thanks,

Mayur

0

Related:

SSL intercept authentication failed

I need a solution

Hello guys,

Good day

I had been intercepting ssl traffic and non domain computers were couldn’t authenticate with IWA authentication. Also domain users cannot authentication with windows sso. I want to intercept only specific destination address and other destination wouldn’t intercepted. 

1. Domain user’s received below error message from proxy. 

2. Non domain user’s received below error message from proxy. 

Proxy layer description:

Web authentication layer

Source Destination Action Track Comment
Any Any Windows sso and PermitAuthenticationError None  
Guest authentication layer

Source Destination Action Track Comment
Any User Authentication Error Any AuthenticateGuest(IWA) None  
Web Access layer

Source Destination Service Time Action Track Comment
Any example.com http and https any Allow None  
user@test.com onlyauth.com http and https any  Allow  None  
SSL Intercept layer

Source Destination Service Action Track Comment
Any example.com Any SSLInterception1 None  

Thank you

0

Related: