Classic Authentication Schemes will soon be deprecated in Citrix Netscaler and should be replaced with nFactor AAA.
Here is a quick tutorial on how to configure nFactor Authentication.
Security > AAA Application Traffic > Policies > Authentication > Basic Policies > RADIUS
Select Servers > Add
Name RADIUS_Server
Server IP xxxx
Secret
Also test the radius reachability
Security > AAA Application Traffic > Policies > Authentication > Basic Policies > LDAP
Select Servers > Add
Fill in all the information that apply to your domain
Security > AAA – Application Traffic, Policies, Authentication, Advanced Policies > Policy. Then, click “Add”
Do the same thing for RADIUS
Create AAA virtual server
Configuration > Security > AAA – Application Traffic > Virtual Servers
Import private certificate and root cert
Click on “No Authentication Policy”
Select Policy LDAP_Pol
Click on Select next to “Next Factor”
Add an authentication policy label
Continue
Policy Binding > Select RADIUS_Pol
Goto Expression > Select END and BIND the authentication Policy Label
Done
BIND
Continue
Add a login schema on the right side
Select “No Login Schema”
Select Policy
Bind and Done
Add nFactor to the Gateway virtual server
Citrix Gateway > Virtual Servers > select VIP > Add Authentication Profile on the right
Create > Ok > Done
If you get this error after logging in, you have to enable SSO on the Authentication Template
Go to Security > AAA Application Traffic > Login Schema > lschema_dual_factor_builtin > … Edit
Edit the profile again
Click on the pencil
> More > Check Enable Single Sign On Credentials > OK > OK
References:
https://community.citrix.com/tech-zone/build/deployment-guides/gateway-mfa/#_=_