Citrix published a solution for this [CTX224908]; saying hit the LB first and have it populate “NSC_TASS” cookie. That might not work for all audiences.
Users tend to bookmark the login page. Which happens to be AAA page. When they go back to their bookmark they hit the AAA page directly with out the “NSC_TASS” cookie to redirect the user after successful authentication. Hence they see “Target URL not found for redirection”
In this post, I will go over how I handled this.
Prereq: NetScaler version 11.0 build 64.34 or later. [ref > CTX201949]
Setup: LB VIP and AAA VIP behind Content Switch [single URL]
Build CS VIP, LB VIP and AAA VIP per CTX201949; Add global responder policy to automatically redirect to hostname when NSC_TASS does not exist in the HTTP REQ
add responder policy res_pol_redirect_hostname "HTTP.REQ.URL.PATH_AND_QUERY.CONTAINS(\"/vpn/tmindex.html\") && http.REQ.HEADER(\"Cookie\").CONTAINS(\"NSC_TASS\").NOT" res_redirect_hostname -comment "handle no target resource after AAA Auth"
add responder action res_redirect_hostname redirect "\"https://\" + http.REQ.HOSTNAME" -responseStatusCode 302
bind responder global res_pol_redirect_hostname 100 END -type REQ_DEFAULT