With Pre-Auth policy in place, users get “Error: Not a privilege User” after logging in

Article ID: CTX235846

Description

  • From the client machine, access the website
  • EPA kicks in and returns a successful EPA response
  • The login page (two-factor) is displayed
  • Enter the username and password
  • The error “Not a privilege user” is displayed and the session is stuck at /cgi/login

Resolution

This is identified as a defect in the ADC software (tracked as issue ID #NSHELP-3488) and is fixed in 12.0-59.8, 12.1 GA and 13.0 GA.

Workaround:
  • Disable the -clientSideMeasurements parameter under the AppFlow action.

Problem Cause

The EPA response is of type text/html, so the AppFlow module treats it like any other web page. When clientSideMeasurements is on, JavaScript is inserted into this response. When the browser executes that JavaScript, a special request is generated and forwarded to the NetScaler. During the EPA authentication phase such a request is not expected, so the EPA module expires the EPA and other cookies and sends a redirect response with the login URL.
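
To check a saved configuration against the Resolution above, the following added example (not Citrix code) reads an ns.conf, tests the build against the fixed releases, and prints the workaround command for each AppFlow action that still has clientSideMeasurements enabled. It assumes the file begins with the usual `#NS<release> Build <n>` header, that an `add aaa preauthenticationpolicy` line indicates a Pre-Auth policy, and that releases below 12.0 do not carry the fix; the sample configuration is constructed.

```python
import re
import shlex

# Constructed sample ns.conf (names, address and build are made up for the example).
SAMPLE_CONF = r'''#NS12.0 Build 58.15
add aaa preauthenticationaction epa_act ALLOW
add aaa preauthenticationpolicy epa_pol "CLIENT.APPLICATION.PROCESS(notepad.exe) EXISTS" epa_act
add appflow collector col1 -IPAddress 192.0.2.10
add appflow action af_web -collectors col1 -clientSideMeasurements ENABLED
add appflow action af_api -collectors col1
'''

def build_has_fix(conf):
    """True if the '#NS<rel> Build <n>' header is at or above a fixed build."""
    m = re.search(r"^#NS(\d+)\.(\d+) Build (\d+)\.(\d+)", conf, re.M)
    if not m:
        return None  # header missing: build unknown
    major, minor, b_major, b_minor = map(int, m.groups())
    if (major, minor) == (12, 0):
        return (b_major, b_minor) >= (59, 8)   # article: fixed in 12.0-59.8
    return (major, minor) >= (12, 1)           # article: fixed in 12.1 GA, 13.0 GA

def workaround_commands(conf):
    """Return the CLI lines that apply the article's workaround, or []."""
    if build_has_fix(conf):
        return []                              # fixed build, nothing to do
    preauth = False
    csm = {}                                   # action name -> measurements enabled?
    for line in conf.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:                     # unbalanced quote: skip the line
            continue
        low = [t.lower() for t in tok]
        if low[:3] == ["add", "aaa", "preauthenticationpolicy"]:
            preauth = True
        elif low[1:3] == ["appflow", "action"] and low[0] in ("add", "set") and len(tok) > 3:
            if "-clientsidemeasurements" in low[4:-1]:
                i = low.index("-clientsidemeasurements", 4)
                csm[tok[3]] = low[i + 1] == "enabled"
            else:
                csm.setdefault(tok[3], False)  # parameter defaults to DISABLED
    if not preauth:
        return []                              # no Pre-Auth policy configured
    return [f"set appflow action {n} -clientSideMeasurements DISABLED"
            for n, on in csm.items() if on]

if __name__ == "__main__":
    print("\n".join(workaround_commands(SAMPLE_CONF)))
```

An unknown build is treated as unfixed, so a file without the header is still audited.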