This article covers the Traffic Management (TM) logout functionality on NetScaler, which was added in the 10.0 and 9.3.e releases. The TM logout functionality triggers an AAA session logout when a traffic action is hit.
NetScaler can be configured with the "Initiate Logout" option in the TM traffic profile.
The following example shows how to enable TM logout and how it works:
The TM logout option is enabled for Traffic Action "Logout".
When the user requests "Logoff.html", NetScaler inserts JavaScript into the response and sends it to the user.
If a browser behaves differently and does not accept the JavaScript, NetScaler moves that AAA session to timeout mode and completely removes the session after 2 minutes.
If NetScaler fails to insert the JavaScript, check the counter "aaatm_ins_logout_script_fail".
When script insertion fails, ensure that the Lbvserver FQDN is added to the Trusted Sites in Internet Explorer/Chrome.
When some back-end servers return 302 instead of 200, NetScaler fails to insert the script but cleans up the AAA session when the insertion fails.
The following are some of the widely used traffic profiles:
OWA2010/OWA2007
add tm trafficAction logout -appTimeout 1 -InitiateLogout ON
add tm trafficPolicy logout-owa "HTTP.REQ.URL.CONTAINS(\"logoff.aspx\") && !HTTP.REQ.COOKIE.CONTAINS(\"cadata\") && HTTP.REQ.COOKIE.CONTAINS(\"NSC_TMAA\")" logout
SharePoint 2007/2010
add tm trafficPolicy logout-Sharepoint "HTTP.REQ.URL.CONTAINS(\"/_layouts/SignOut.aspx\")" logout
WI on NetScaler
add tm trafficPolicy wi-jsp-sso-logout "HTTP.REQ.URL.CONTAINS(\"Citrix/XenApp/auth/loggedout.jsp\")" logout
Load balancing External Web Interface servers and logging off AAA session
add tm trafficPolicy logout-wi "HTTP.REQ.URL.CONTAINS(\"Citrix/Direct/auth/loggedout.aspx\")" logout
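
To check which requests the traffic policies above would treat as a logout before binding them, the expressions can be dry-run offline. The following Python script is an added example, not Citrix code: it models only the `&&`, `!` and `CONTAINS` operators used in this article, assumes case-sensitive substring matching on the request URL and the raw Cookie header, and runs against constructed sample requests.

```python
import re

# Policy expressions copied from the article (CLI backslash escapes removed).
POLICIES = {
    "logout-owa": 'HTTP.REQ.URL.CONTAINS("logoff.aspx") && !HTTP.REQ.COOKIE.CONTAINS("cadata") && HTTP.REQ.COOKIE.CONTAINS("NSC_TMAA")',
    "logout-Sharepoint": 'HTTP.REQ.URL.CONTAINS("/_layouts/SignOut.aspx")',
    "wi-jsp-sso-logout": 'HTTP.REQ.URL.CONTAINS("Citrix/XenApp/auth/loggedout.jsp")',
    "logout-wi": 'HTTP.REQ.URL.CONTAINS("Citrix/Direct/auth/loggedout.aspx")',
}

# One term: optional "!" followed by HTTP.REQ.<URL|COOKIE>.CONTAINS("literal").
TERM = re.compile(r'\s*(!?)\s*HTTP\.REQ\.(URL|COOKIE)\.CONTAINS\("([^"]*)"\)\s*')

def matches(expression, url, cookie_header=""):
    """Evaluate an &&-joined chain of (optionally negated) CONTAINS terms."""
    fields = {"URL": url, "COOKIE": cookie_header}
    for part in expression.split("&&"):
        m = TERM.fullmatch(part)
        if m is None:
            raise ValueError("unsupported term: " + part.strip())
        negated, field, needle = m.groups()
        # Assumption: plain case-sensitive substring test on the raw value.
        if (needle in fields[field]) == bool(negated):
            return False
    return True

def policies_hit(url, cookie_header=""):
    """Return the names of all policies whose expression matches the request."""
    return sorted(n for n, e in POLICIES.items() if matches(e, url, cookie_header))

# Constructed sample requests (URL, Cookie header); not captured traffic.
SAMPLES = [
    ("/owa/auth/logoff.aspx?Cmd=logoff", "NSC_TMAA=abc"),
    ("/owa/auth/logoff.aspx?Cmd=logoff", "cadata=xyz; NSC_TMAA=abc"),
    ("/owa/auth/logoff.aspx?Cmd=logoff", ""),
    ("/_layouts/SignOut.aspx", "NSC_TMAA=abc"),
    ("/_layouts/signout.aspx", "NSC_TMAA=abc"),
    ("/Citrix/XenApp/auth/loggedout.jsp", ""),
]

if __name__ == "__main__":
    for url, cookie in SAMPLES:
        print(f"{url!r:40} cookie={cookie!r:28} -> {policies_hit(url, cookie) or 'no logout'}")
```

A sample that reports "no logout" for a URL the application really uses to sign out means the AAA session would remain active after the user logs off, so the expression needs adjusting before the policy is relied on.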