Robby Lambrechts Posted September 1, 2022

Hello,

I have a very weird issue: I've set up LDAP authentication with netscaler ADC to pass through to Storefront. I've set up 2 ldap policies, 1 with samaccountname, the other with userprincipalname. However, only for a user whose samaccountname is different from the userprincipalname, I can't log on externally via netscaler with only the upn, and I receive storefront citrix authentication issues with the following:

CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed. The credentials supplied were; user: user1 domain: domain.local

However, the upn that I'm filling in is this one: user1@domain.com, not user1@domain.local (the samaccountname is domain\user1.test). If I try this locally without netscaler, then the upn works and I can log in.

I've already tried checking in storefront to fully delegate credentials to the citrix gateway, but the issue is the same; adding trusted domains doesn't help either. I'm presuming it's the netscaler adc not passing the domain credentials correctly to the storefront server, or the storefront server is thinking the netscaler is using samaccountname instead of the upn, and then the logon fails.

It IS working correctly in this situation: upn: user2@domain.com and samaccountname: domain\user2. Then I can log on externally perfectly.

I'm really clueless at the moment. Has anyone had the same problem and solved it? I've already updated to the latest version of Storefront, 2203 LTSR CU1, which I thought would resolve the issue because of an issue with delegation, but it didn't help.

Thank you in advance!

Robby Lambrechts (Author) Posted September 1, 2022

I was too soon in writing this post. I've solved it by filling in the SSO Attribute name field with the samaccountname and the server logon attribute with the userprincipalname. This way it works.
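
The fix described in the reply above, expressed as NetScaler CLI commands. This is an added example, not part of the original posts; the action name ldap_upn_act is a hypothetical placeholder for the existing UPN LDAP action.

```netscaler
# Assumption: ldap_upn_act is the name of the LDAP action bound to the UPN policy.
# -ldapLoginName    = "Server Logon Name Attribute" in the GUI (what the user types at the gateway)
# -ssoNameAttribute = "SSO Name Attribute" in the GUI (the AD attribute sent on to StoreFront for single sign-on)
set authentication ldapAction ldap_upn_act -ldapLoginName userPrincipalName -ssoNameAttribute sAMAccountName

# Confirm both attributes on the action, then persist the running configuration.
show authentication ldapAction ldap_upn_act
save ns config
```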