AAATM form extraction failure can be confirmed when there is an increment in "svpn_tot_sso_formextraction_failed" counter. For a detailed procedure on using the counters, refer to Citrix Blog - NetScaler ‘Counters’ Grab-Bag!.

The possible reasons for AAATM form extraction failure are:

• Action URL configured in Form SSO (Single Sign-on) profile does not match with the URL in the actual form
• Invalid user field in the form SSO profile
• Invalid password field in the form SSO profile
• Response size in the form SSO profile does not match the actual response size
• Action method get/post should match the action in the form
• SSO success rule should be properly configured.

• svpn_tot_sso_form_bad_method
• svpn_tot_sso_form_url_mismatch
• svpn_tot_sso_form_canon_failed
• svpn_tot_sso_form_fields_notfound

Also, check for debug prints in /var/log/ns.log as follows:

PPE-0 : SSLVPN Message 1385 0 : "FORMSSO: Configured action URL is relative default.aspxReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252FSitePages%252FHome%252Easpx&Source=%2fSitePages%2fHome.aspx, host spnew.nsi-test.com, relUrl /_forms/"

PPE-0 : SSLVPN Message 1386 0 : "FORMSSO: Normalized configured URL is http://spnew.nsi-test.com/_forms/default.aspxReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252FSitePages%252FHome%252Easpx&Source=%2fSitePages%2fHome.aspx "

PPE-0 : SSLVPN Message 1387 0 : "FORMSSO: Action URL in the form is http://spnew.nsi-test.com/_forms/default.aspx?ReturnUrl=%2f_layouts%2fAuthenticate.aspx%3fSource%3d%252FSitePages%252FHome%252Easpx&Source=%2fSitePages%2fHome.aspx"

PPE-0 : SSLVPN Message 1388 0 : "FORMSSO: Could not find form in the response buffer of size 8 "