After upgrading NetScaler to build 14.1 47.46 or 13.1 59.19 customers might experience issues with Authentication.This can manifest as a «broken» login page, especially when using authentication methods like DUO configurations based on Radius authentication, SAML, or any Identity Provider (IDP) that relies on custom scripts.
Note : This behavior can possibly be due to the Content Security Policy (CSP) header being enabled by default in this NetScaler build, especially when CSP was not enabled prior to the upgrade.
Lösung
To resolve this issue temporarily, you need to disable the default CSP header on your NetScaler appliance. After disabling, it’s recommended to flush the cache to ensure the changes take effect immediately.
To ensure that your configurations work with CSP , please reach out to the support team so that we can identify the issue and fix it for your configuration.
Steps to Disable CSP Header:
Using Command Line Interface (CLI): Execute the following commands from Netscaler CLI:
set aaa parameter -defaultCSPHeader DISABLED
save ns config
Using Graphical User Interface (GUI):
Step 1: Log in to the NetScaler GUI.
Step 2: Navigate to NetScaler Gateway > Global Settings.
Step 3: Under the «Authentication Settings» section, click on Change authentication AAA settings.
Step 4: On the «Configure AAA Parameters» page, locate the Default CSP Header field. From the dropdown menu, select DISABLED.
Click OK to save the changes.
Post-Configuration Recommendation:
While enabling or disabling the default CSP policy, you are recommended to run the following command in the CLI
flush cache contentgroup loginstaticobjects
After performing the steps above, attempt to access your NetScaler Gateway authentication portal to validate if the issue is resolved.
Zusatz
Bei Fragen und Problemen können Sie sich gerne an Ihren AXACOM Verantwortlichen wenden.