When attempting to launch a Linux VDA session through FAS authentication, whatever a new session or a session reconnect, user may run into a situation that, 'Authenticating user access' message appears in the session login screen for a while and then the session is forcibly terminated.

'citrix-ctxlogin' fails to decode certificate of the logged-in FAS user due to buffer overflow, and the subsequent login step is able to take place. As a result, the session is forcibly terminated.
The pattern can be identified by the following log snippet in Linux VDA hdx.log file.

citrix-ctxlogin: connect fas
citrix-ctxlogin: start connect to server 0
citrix-ctxlogin: connect to server 0 success
citrix-ctxlogin: get public certificate
citrix-ctxlogin: waiting for response...
citrix-ctxlogin: query to server success
citrix-ctxlogin: base64 decode
citrix-ctxloginui: connection closed by peer (EOF)
citrix-ctxgfx: Session on display *** (user "*") killed after death of ctxlogin process **** detected.

Please upgrade Linux VDA to  Linux VDA 2507 LTSR CU1 or later, which fixed the user certificate decoding issue upon FAS login.

The article describes an issue in the use case of Linux VDA 2507 session login with FAS

• When using LVDA 2507 with FAS authentication, the FAS user certificate may fail to decode, which can prevent further processing and terminate the session. [LNXVDA-20257]
• https://docs.citrix.com/en-us/linux-virtual-delivery-agent/2507-ltsr/whats-new/cumulative-update-1/fixed-issues