Thread Info
  • State Verified Answer
  • +1 person also asked this people also asked this
  • Locked Locked
  • Replies 3 replies
  • Subscribers 27 subscribers
  • Views 1575 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

WAF with authentication error "found prefix match '/' but no authoritative id ref"

Joel Duffield

 I have WAF running fine without authentication. The user account I am testing with seems to work fine, I can use it with the VPN no issues.

When I turn on forms based authentication (authentication forwarding is turned off), the login page loads, I put in the creds, and then it just reloads back to the same login page.

In the reverseproxy.log I get this

"[authnz_aua:error] [pid 30766:tid 140414306731776] [client x.x.x.x:60696] [username] found prefix match '/' but no authoritative id ref, referer: https://..."

Happens if I use site path routing, or turn it off.

Anyone able to point me in the direction of what is going on?

Thanks



This thread was automatically locked due to age.
Parents
  • +1

    Hi  

    If authentication is enabled on the WAF server, I would request you to verify once with enabling "Basic" mode under Authentication forwarding. If there is no authentication on the server then set the action to "none". If the issue will be there after the recommended changes, please contact technical support and raise the service request to investigate the issue further.

  • 0 in reply to Keyur

    Okay I have narrowed it down. I haven't fixed it but at least made progress.

    Rights to access the site were set through an imported AD group. the user was an AD user. The user is not staying in the group. If I create a local user and assign it to the group it works fine, or if I assign the user directly to have access then it works.

     

    So my issue is with groups and AD accounts, so off to figure that out.

Reply
  • 0 in reply to Keyur

    Okay I have narrowed it down. I haven't fixed it but at least made progress.

    Rights to access the site were set through an imported AD group. the user was an AD user. The user is not staying in the group. If I create a local user and assign it to the group it works fine, or if I assign the user directly to have access then it works.

     

    So my issue is with groups and AD accounts, so off to figure that out.

Children
  • +1 in reply to Joel Duffield

    So i got it fixed with moving all the groups around. So for anyone looking for an answer in the future this error seems to mean that the user doesnt have access, test it out by directory adding the user to the authentication policy/profile. Then go do a whole bunch of reading on the messed up way AD groups work on XG, it is not pretty, but at least you can probably find a work around.