Last Modified: Jul 13, 2024
Affected Product(s):
BIG-IP APM
Known Affected Versions:
11.6.0, 11.6.0 HF1, 11.6.0 HF2, 11.6.0 HF3, 11.6.0 HF4, 11.6.0 HF5, 11.6.0 HF6, 11.6.0 HF7, 11.6.0 HF8, 11.6.1, 11.6.1 HF1, 11.6.1 HF2, 11.6.2, 11.6.2 HF1, 11.6.3, 11.6.3.1, 11.6.3.2, 11.6.3.3, 11.6.3.4, 11.6.4, 11.6.5, 11.6.5.1, 11.6.5.2, 11.6.5.3, 12.0.0, 12.0.0 HF1, 12.0.0 HF2, 12.0.0 HF3, 12.0.0 HF4, 12.1.0, 12.1.0 HF1, 12.1.0 HF2, 12.1.1, 12.1.1 HF1, 12.1.1 HF2, 12.1.2, 12.1.2 HF1, 12.1.2 HF2, 12.1.3, 12.1.3.1, 12.1.3.2, 12.1.3.3, 12.1.3.4, 12.1.3.5, 12.1.3.6, 12.1.3.7, 12.1.4, 12.1.4.1, 12.1.5, 12.1.5.1, 12.1.5.2, 12.1.5.3, 12.1.6, 13.0.0, 13.0.0 HF1, 13.0.0 HF2, 13.0.0 HF3, 13.0.1, 13.1.0, 13.1.0.1, 13.1.0.2, 13.1.0.3, 13.1.0.4, 13.1.0.5, 13.1.0.6, 13.1.0.7, 13.1.0.8, 13.1.1, 13.1.1.2, 13.1.1.3, 13.1.1.4, 13.1.1.5, 13.1.3, 13.1.3.1, 13.1.3.2, 13.1.3.3, 13.1.3.4, 13.1.3.5, 13.1.3.6, 13.1.4, 13.1.4.1, 13.1.5, 13.1.5.1, 14.0.0, 14.0.0.1, 14.0.0.2, 14.0.0.3, 14.0.0.4, 14.0.0.5, 14.0.1, 14.0.1.1
Opened: Nov 02, 2016 Severity: 3-Major
While adding a Citrix store account in iOS citrix receiver, it prompts for credentials based on access policy "Citrix logon prompt" agent. It does not display the slider option to have it as an optional.
Client auth type can not be optional. It is either be two factor or single auth type.
Citrix APM is configured in replacement mode with "Citrix Logon Prompt" agent or "session.citrix.client_auth_type" variable assign is defined.
- Remove "Citrix Logon Prompt" and use regular "Logon Page". - Do not use "session.citrix.client_auth_type". - Add have the below irule attached to the Virtual server used for Store access. # optional two factor auth workaround. when HTTP_REQUEST { set uri_path [string tolower [HTTP::path]] if { $uri_path == "/vpn/index.html" } { HTTP::respond 200 -version auto content "/vpn/" noserver } elseif {$uri_path == "/agservices/discover"} { HTTP::respond 302 -version auto noserver Location "/vpn/index.html" } }
None