NetScaler's Enhanced Authentication Feedback is, despite being highly debatable from a security standpoint, a great feature in terms of usability.
Recently one of my customers had the requirement to enable it. But surprisingly we only received the error codes (4009, 4007, etc.) – not the error messages.
- “4009” instead of “user unknown”
- “4007” instead of “bad password”
- etc.
What’s wrong? I knew I had seen this working in the past! And, more importantly, I was able to get it working in my lab environment just by the flip of a switch:
```
set aaa param -enableEnhancedAuthFeedback YES
```
I tried updates (12.0 to 12.0 latest, 12.0 to 12.1), re-importing a fresh blank 12.1 VPX, recreating the custom theme, etc.
Long story short…
It turned out in the end that the problem was with the classic authentication policies (i.e. “ns_true”) being used in conjunction with the RfWebUI theme.
The solution was to change them into advanced authentication policies (i.e. “true”)!
Knowing this, I even found the matching CTX230677, but searching just for the error message I was never able to land at that article – hence I decided to briefly share the solution here.
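To check a saved configuration for this combination, here is an added example (not from the original post or from Citrix). It scans ns.conf-style text for enhanced feedback being enabled alongside classic authentication policies. The list of classic policy types and the sample configuration are assumptions constructed for illustration, and the script does not check which theme is bound.

```python
import shlex

# Classic policy types (assumed, non-exhaustive list). Classic syntax is
#   add authentication <type> <name> <rule> <action>
# while advanced policies use: add authentication Policy <name> -rule ... -action ...
CLASSIC_TYPES = {"ldappolicy", "radiuspolicy", "localpolicy", "certpolicy",
                 "tacacspolicy", "negotiatepolicy", "samlpolicy"}
FLAG = "-enableenhancedauthfeedback"

# Constructed sample configuration (names and addresses are made up).
SAMPLE = '''\
set aaa parameter -enableEnhancedAuthFeedback YES
add authentication ldapAction act_ldap -serverIP 192.0.2.10 -ldapBase "dc=example,dc=test"
add authentication ldapPolicy pol_ldap_classic ns_true act_ldap
add authentication Policy pol_ldap_adv -rule true -action act_ldap
'''

def audit(conf_text):
    """Collect the feedback setting and all classic/advanced auth policies."""
    result = {"feedback": False, "classic": [], "advanced": []}
    for raw in conf_text.splitlines():
        try:
            tok = shlex.split(raw)
        except ValueError:
            continue  # line with unbalanced quotes, skip it
        low = [t.lower() for t in tok]
        if low[:2] == ["set", "aaa"] and FLAG in low:
            i = low.index(FLAG)
            result["feedback"] = low[i + 1:i + 2] == ["yes"]
        elif low[:2] == ["add", "authentication"] and len(tok) >= 4:
            if low[2] in CLASSIC_TYPES and len(tok) >= 5:
                result["classic"].append((tok[2], tok[3], tok[4]))
            elif low[2] == "policy":
                result["advanced"].append(tok[3])
    return result

def findings(conf_text):
    """Report classic policies only when enhanced feedback is switched on."""
    r = audit(conf_text)
    if not r["feedback"]:
        return []
    out = ["enableEnhancedAuthFeedback is YES: logon errors tell users which check failed"]
    for kind, name, rule in r["classic"]:
        out.append(f"classic {kind} '{name}' (rule {rule}): convert to an advanced policy")
    return out

if __name__ == "__main__":
    print("\n".join(findings(SAMPLE)))
```
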