RfWebUI Causes Issues for SAML and Responder Policies
Due to the usage of AJAX with RFWebUI, the NetScaler has several known issues when using RFWebUI portal theme. The problem is due to the fact that all RfWebUI requests are done using AJAX and the responses are all generated by the PPE which cannot be intercepted and acted upon. This creates several know issues:

• We cannot apply Responder policies for PPE-generated responses. Therefore Responder policies do not and can not work with RFWebUI. Use another theme. It is an unsupported configuration to attempt to use Responder Policies with the RfWebUI theme.
   
• A VPN Vserver that is configured as a SAML SP fails to redirect to the IDP and instead you get the RfWebUI theme's login page which you should not and SAML will not work. There are 3 ways to resolve this:
  • 1) Use another Portal Theme.
  • 2) Use nFactor instead of Basic Auth Policies
  • 3) Upgrade to 11.1 55.x or 12.0 51.x
• A VPN Vserver that is configured for SAML SP fails to logout. When you log in the first time the gateway is able to redirect to the IDP, authentication occurs successfully and the app launches. However when you log out, ideally you would want to be redirected to IDP. However instead you receive Logout errors. The fix is to upgrade to 11.1 55.x or 12.0 51.x.