Citrix Gateway: Auth failure on second factor causes redirection back to SAML IDP (first factor)


Article ID: CTX250255


Description

A Gateway vServer is configured with SAML authentication (2FA enabled) and LDAP authentication, with both policies bound as Primary.

The user accesses the Gateway and is redirected to the SAML IdP (first factor).

After authenticating on the IdP, the user is redirected back to the Gateway and presented with the login screen (second factor).

At this point, if a wrong LDAP password is entered, the user is redirected back to the SAML IdP. This is unexpected, because the first factor was already completed. The expected behavior is to present the login screen again with an "invalid credentials" error.

Resolution

The fix is expected in 12.1.52.x.

Problem Cause

Issue ID: NSHELP-18912. NetScaler Gateway: when SAML with a second factor is used for user authentication and the user fails to validate the second factor on the Gateway portal, the Gateway redirects the user to the IdP for SAML login again if a previous TCP connection is reused.