NetScaler Enhanced Authentication Feedback throws Error Codes with RfWebUI Theme

NetScalers Enhanced Authentication Feedback is, despite being highly debatable from a security standpoint, a great feature in terms of usability.

Recently one of my customers had the requirement to enable it. But surprisingly we only received the error codes (4009, 4007, etc.) – not the error messages.

  • “4009” instead of “user unknown”
  • “4007” instead of “bad password”
  • etc.

NetScaler-Enhanced-Authentication-Feedback-throws-Error-Codes-with-RfWebUI-Theme

What’s wrong? I knew I had seen this working in the past! And more important I was able to get it working in my lab environment just by the flip of the switch.

set aaa param -enableEnhancedAuthFeedback YES

I tried updates (12.0 to 12.0 latest, 12.0 to 12.1), re-import a fresh blank 12.1 VPX, recreate the custom theme, etc.

Long story short…

Turned out in the end the problem was with the classic authentication policies (i.e. “ns_true”) being used in conjunction with the RfWebUI theme.

The solution was to change them into advanced authentication policies (i.e. “true”)!

Knowing this I even found the matching CTX230677 but searching just for the error message I was never able to land at that article – hence I decided to briefly share the solution here.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.