When I try to perform SAML authentication, the IDP returns an error message: ACS URL in request is invalid. Please contact your administrator The reason for this behavior is that the SAML service provider URL is not specified or is specified incorrectly. The correct format is (in the case of a Citrix NetScaler SP, this is implementation-dependent). If the SAML IDP outputs the following message...
When you want to run NetScaler, the question of the right platform quickly arises. Even companies that have been using NetScaler for years are confronted with this question at the latest when the next upgrade is due. The following hardware platforms are available: Citrix NetScaler MPX: NetScaler in hardware, MPX appliances have SSL acceleration chips Citrix NetScaler VPX: NetScaler as virtual...
Citrix has announced that the N-Factor Flow Visualizer will no longer be supported in the NetScaler ADC. I personally liked to design my N-Factor Flows using this visualizer, because it is convenient and hides the complexity of N-Factor. I also recommended that my customers design their multifactor authentication using this flow designer. However, later versions of NetScaler 14.1 shows N-Factor...
My college Thomas Kötzing did it: He published a tool to recover from lost passwords. You can find this tool from here. Of course, you need to have the content from /nsconfig/keys to do so.
Starting with February 2025, Citrix cancelled both, the CTP and CTA program. So I lost my status as a CTA. This is not just sad for me but for all of the great community we had. I became friends with some of my fellow CTAs and some of the CTPs as well. I am thankful for these 4 years full of exciting projects, friendship and a great community. I hope to see you again, my friends!
Last update: March 2nd 2025 With NetScaler 14.1, Citrix started to allow binding Web Application Firewall (WAF) policies to the gateway and to a AAA vServer or a Gateway. Why does it make sense to bind a WAF to the gateway? The more popular Citrix NetScaler became, the greater the interest of hackers in NetScaler grew. And NetScaler is now a very widely used tool for remote access. Due to the...
n-factor has been around for a few years now, and n-factor flows have also been on board a Citrix NetScaler for some time. n-factor flows are much clearer than “traditional” n-factor authentication, but there are a few obstacles on the way to a good deployment. One problem that I have failed at is SSO (Single Sign On) when the password is the second factor. The deployment I am...
One of the most annoying things that can happen to you is making changes to the wrong NetScaler. I don’t know about you, but it happens to me from time to time because I usually have several NetScalers open at the same time, ideally NetScalers with identical configurations: the test environment, the integration environment and the production environment. Experiments and trials in the...
In the latest versions of Citrix NetScaler ADC, the dig command is missing. Where did it disappear to and why? The reason is relatively simple: recent versions of BSD from version 10 do not support dig anymore, it has been replaced by drill. The good thing is that drill has almost the same functions and parameters as dig, so you just have to replace dig with drill. The current Citrix NetScaler...
A real-world problem: My customer had a gateway that could log on to two different domains (Domain1 and Domain2). For each domain, there was a Citrix Virtual Apps and Desktops (CVAD) environment. If you log on to Domain1, then you should get connected to CVAD1, if you log on to Domain2, then to CVAD2. There was an additional problem: it was possible that the same user with the same password...