Article ID: CTX554659
Description
When you deploy an on-premises Citrix Gateway (NetScaler Gateway) as the OAuth IdP for Citrix Cloud, users may be redirected to the on-premises IdP logout page (/vpn/tmlogout.html) instead of the Citrix Cloud login page after logging out of Citrix Cloud.
For example, you have the following URLs:
After logging out of Citrix Cloud, the user is redirected to https://aaa.corp.com/vpn/tmlogout.html. ns.log reports that https://corp.cloud.com/ is not in the whitelisted logout redirect URIs:
May 22 16:12:23 <local0.info> x.x.x.x 05/22/2023:07:12:23 GMT ns 0-PPE-0 : default AAATM Message 196 0 : "OAUTH IDP LOGOUT: incoming post logout redirect uri [https://corp.cloud.com/] not in whitelisted logout redirect uris for user []"
Resolution
If the logout redirect URL is different from the ACS URL, it must be set explicitly:
bind policy patset ns_aaa_oauthidp_logout_redirect_uris "https://corp.cloud.com/"
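The following Python script is an added example, not Citrix code: it pulls the rejected post-logout redirect URIs out of ns.log lines in the format quoted above and emits the bind command only for HTTPS hosts you have approved, leaving everything else for manual review. The approved-host set, the function names and every sample line other than the one quoted in this article are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Message format taken from the ns.log line quoted in this article.
REJECT_RE = re.compile(
    r'OAUTH IDP LOGOUT: incoming post logout redirect uri \[([^\]]*)\] '
    r'not in whitelisted logout redirect uris'
)
PATSET = "ns_aaa_oauthidp_logout_redirect_uris"

# Sample input: line 1 is the article's log line; lines 2-4 are constructed.
SAMPLE_LOG = [
    'May 22 16:12:23 <local0.info> x.x.x.x 05/22/2023:07:12:23 GMT ns 0-PPE-0 : default AAATM Message 196 0 :  "OAUTH IDP LOGOUT: incoming post logout redirect uri [https://corp.cloud.com/] not in whitelisted logout redirect uris for user []"',
    'May 22 16:15:02 <local0.info> x.x.x.x 05/22/2023:07:15:02 GMT ns 0-PPE-0 : default AAATM Message 201 0 :  "OAUTH IDP LOGOUT: incoming post logout redirect uri [https://corp.cloud.com/] not in whitelisted logout redirect uris for user []"',
    'May 22 16:17:40 <local0.info> x.x.x.x 05/22/2023:07:17:40 GMT ns 0-PPE-0 : default AAATM Message 207 0 :  "OAUTH IDP LOGOUT: incoming post logout redirect uri [https://login.example.net/] not in whitelisted logout redirect uris for user []"',
    'May 22 16:18:00 <local0.info> x.x.x.x 05/22/2023:07:18:00 GMT ns 0-PPE-0 : default AAATM Message 208 0 :  "constructed unrelated message"',
]

def rejected_uris(lines):
    """Count each rejected post-logout redirect URI found in ns.log lines."""
    counts = Counter()
    for line in lines:
        m = REJECT_RE.search(line)
        if m:
            counts[m.group(1)] += 1
    return counts

def triage(counts, approved_hosts):
    """Return (bind commands for approved HTTPS hosts, URIs needing review)."""
    commands, review = [], []
    for uri in sorted(counts):
        try:
            parts = urlsplit(uri)
            host = (parts.hostname or "").lower()
        except ValueError:          # malformed URI in the log: never auto-bind
            review.append(uri)
            continue
        if parts.scheme == "https" and host in approved_hosts and '"' not in uri:
            commands.append(f'bind policy patset {PATSET} "{uri}"')
        else:
            review.append(uri)
    return commands, review

if __name__ == "__main__":
    cmds, review = triage(rejected_uris(SAMPLE_LOG), {"corp.cloud.com"})
    print("\n".join(cmds))
    print("review before binding:", review)
```

The URI in the log message comes from the incoming logout request, so a rejected value is not by itself a reason to add it to the patset; bind only redirect targets that belong to your own Citrix Cloud tenant.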
Problem Cause
If the logout redirect URL (https://corp.cloud.com/) is different from the ACS URL (https://accounts.cloud.com/core/login-cip), it needs to be set explicitly in the built-in patset ns_aaa_oauthidp_logout_redirect_uris.
Issue/Introduction
[Citrix Cloud] User may be redirected to the AAA logout page (/vpn/tmlogout.html) instead of the Cloud login page after Citrix Cloud logoff