Christoph Stockinger Posted May 8, 2019 Share Posted May 8, 2019 Hello everyone, we have got a weird problem after upgrading our ADC 5650 to 12.1 51.19 Our reverse published internal web applications (every application has its own public subdomain) secured by an AAA vServer are configured for SSO with a single session policy. Everything was working as intended before upgrading the firmware, but now after successfully logging into an application the request for another application in the same browser session gets the following response: Quote Http/1.1 Internal Server Error 43550 It seems that the injected URL cgi/processpost?target=/ (by the AAA server?) cannot be requested - i have never seen this URL before. After refreshing the page or removing the URL in the address bar the request is successful. Also the ns.log gets spammed by AAATM Error Handler: Found extended error code 1507328 entries. Was there any change to SSO sessions, advanced Authorization policy handling or something in this context? Link to comment Share on other sites More sharing options...
James Parnell Posted May 9, 2019 Share Posted May 9, 2019 We're also seeing a similar issue having upgraded to 12.1 51.19 this morning We request a site through a browser that is secured with AAA authentication. It errors with Http/1.1 Internal Server Error 43524 The ns.log is full of the following at the time: May 9 09:19:57 <local0.info> 172.17.71.100 05/09/2019:08:19:57 GMT CTX-NS-P02 0-PPE-0 : default AAATM Message 3710 0 : "AAATM Error Handler: Found extended error code 1507328, ReqType 16386 request /sites/drinkingwater, cookie hdr __cfduid=d65a87d06312434d5f5ed713871731ef21548147339; _ga=GA1.3.171913679.1548147345" May 9 09:19:57 <local0.info> 172.17.71.100 05/09/2019:08:19:57 GMT CTX-NS-P02 0-PPE-0 : default AAATM Message 3712 0 : "AAATM Error Handler: Found extended error code 1507328, ReqType 16386 request /cgi/tm?code=311812dfb622fd88, cookie hdr __cfduid=d65a87d06312434d5f5ed713871731ef21548147339; _ga=GA1.3.171913679.1548147345" May 9 09:19:58 <local0.info> 172.17.71.100 05/09/2019:08:19:58 GMT CTX-NS-P02 0-PPE-0 : default AAATM Message 3714 0 : "AAATM Error Handler: Found extended error code 1507328, ReqType 16386 request /cgi/tm?code=3395def4d524c253, cookie hdr __cfduid=d65a87d06312434d5f5ed713871731ef21548147339; _ga=GA1.3.171913679.1548147345" May 9 09:19:58 <local0.info> 172.17.71.100 05/09/2019:08:19:58 GMT CTX-NS-P02 0-PPE-0 : default AAATM Message 3716 0 : "AAATM Error Handler: Found extended error code 1507328, ReqType 16386 request /cgi/tm?code=5113369e3d82010d, cookie hdr __cfduid=d65a87d06312434d5f5ed713871731ef21548147339; _ga=GA1.3.171913679.1548147345" May 9 09:19:58 <local0.info> 172.17.71.100 05/09/2019:08:19:58 GMT CTX-NS-P02 0-PPE-0 : default AAATM Message 3718 0 : "AAATM Error Handler: Found extended error code 1507328, ReqType 16386 request /cgi/tm?code=f4bf6b36988b46e9, cookie hdr __cfduid=d65a87d06312434d5f5ed713871731ef21548147339; _ga=GA1.3.171913679.1548147345" Link to comment Share on other sites More sharing options...
Christoph Stockinger Posted May 9, 2019 Author Share Posted May 9, 2019 Do you see the URL https://requestedhostname.com/cgi/processpost?target=/ as well? That's what is failing in my case. Link to comment Share on other sites More sharing options...
James Parnell Posted May 9, 2019 Share Posted May 9, 2019 The address bar containts https://requestedhostname.com/cgi/tm?code=eaa53e58c7effd93 in my case Link to comment Share on other sites More sharing options...
Christoph Stockinger Posted May 9, 2019 Author Share Posted May 9, 2019 I think the difference is that i get the error when i request another application after i already received the SSO cookie. But in the meantime users get the error at first login as well. Link to comment Share on other sites More sharing options...
Peter Erler Posted May 9, 2019 Share Posted May 9, 2019 I do have the same problem requesting a resource which is secured by AAA vServer acting as SAML SP. But ADC responds with SAML AuthnRequest form (http-status 200). May 9 16:04:04 <local0.info> 127.0.0.2 05/09/2019:14:04:04 GMT adcra01 0-PPE-0 : dstgvat AAATM Message 175333 0 : "AAATM Error Handler: Found extended error code 1507328, ReqType 16386 request /, cookie hdr " ADC NS12.1 51.19 Link to comment Share on other sites More sharing options...
Christoph Stockinger Posted May 10, 2019 Author Share Posted May 10, 2019 After opening a case with Citrix support, i got the hint to use an authentication profile and set an authentication domain. Then i bound it to the involved lb vservers and instantly the error was gone. Before upgrading I was setting the authentication configuration for AAA server and FQDN of AAA server directly in the lb vserver config without binding a profile. The option for authentication domain is only available in an authentication profile. See attached screenshot which i got by support. 1 Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now