Quick Support

Für den Fernsupport von nicht verwalteten Geräten verwenden wir die sichere und schnelle Support-Software von AnyDesk.

Sie können unseren angepassten Client für Windows, MacOS und Linux unten herunterladen.

Windows Quicksupport
MacOS Quicksupport
Linux 64-Bit Quicksupport
Skip to content

Heads-up! Update to Citrix ADC 12.1 Build 60.19 „breaks“ SSO for Basic Authentications

I guess everybody working with Citrix ADC was facing the large DDOS Attack on EDT enabled vServer.

Citrix released updated a new firmware for all supported Versions for fixing the workaround using the “HelloVerifyRequest” setting as there was a bug resulting in a memory leak.

Check https://support.citrix.com/article/CTX289674

The versions are:

  • 13.0-71.44 and later
  • 12.1-60.19 and later
  • 11.1-65.16 and later

We just updated today one of our affected customers which definitely required EDT on the fresh fixed build 12.1 Build 60.19 to enable UDP based HDX connections again.

Upgrade worked out without any issue, EDT was back available and customer was happy.

However pretty quick the customer IT department was getting users complaining that the Login to Citrix Collaboration Management (aka ShareFile) isn’t working anymore.

We took traces, checked logs and found the following on the ns.log:

„SSO FAIL forwading to client because of weak SSO user <username>“

This sounded familiar to customers surprised in version 13.0, where Citrix decided to deactivate SSO on global level for security reasons (which do sense). See here 

But wait, this customer was running version 12.1?!

We checked the release notes, but there was no hint that the SSO behaviour was modified, however, we configured the traffic policies to allow SSO using basic auth on specific ressources and the ShareFile Login (together with other customer internal ressources) was back working.

On a deeper research on Citrix Docs it seems that it is documented but unfortunately not highlighted. See https://docs.citrix.com/en-us/citrix-adc/12-1/aaa-tm/enable-sso-for-auth-pol.html

 

In other words: Check your Citrix ADC Config if there are any SSO related configurations using Basic, Digest, and NTLM authentication before updating to the latest 12.1 Build, especially if you got AAA Servers or XenMobile/Endpoint Mangement or ShareFile in place.

Dieser Beitrag hat 0 Kommentare

Schreibe einen Kommentar

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

ERROR: si-captcha.php plugin: securimage.php not found.

An den Anfang scrollen