The web page may stop there or it may redirect to a Citrix Receiver where it requires a passcode because RBA logon failed:

The most common reason for the message RSA credentials not found is the Citrix Delegated Forms Authentication (DFA) forms authentication was not correctly configured, so no form was presented to RBA in which to place our credentials; therefore no RSA credentials were found.

If you are running a Fiddler HTTP trace you may see the errors shown here.  For a quick introduction, watch the Fiddler Quick Start Guide - HTTP Debugging Software.

Error Message: 405 HTTP verb error.  Redirect Loop Blank screen, never re-directs Agent Integration Error

Error Message: 405 HTTP verb error. 

Agent Integration Error

1. Install the RSA Authentication Agent for Citrix StoreFront and get authentication working with either a tokencode or passcode from a hardware or software token or when using a fixed passcode.
2. Install the RBA Helper.
3. Configure RBA with the Citrix NetScaler 11 with the DFA integration script for RBA.
4. See article 000033186 How to increase chances for successfully implementing Risk Based Authentication on the RSA Authentication Agent for Citrix StoreFront, as well as the RSA Authentication Agent for Citrix StoreFront 1.0 Installation and Administration Guide.

1. Launch an Administrator PowerShell window and set up the Citrix DFA-related PowerShell commandlets.
2. Enable the DFA Server using Install-DSDFAServer.
3. Create the DFA Client (used by NetScaler) using the command Add-DSCitrixPSKTrustedClient.  For example, 

   Add-DSCitrixPskTrustedClient -clientid 2189 -passphrase <passphrase>

4. Verify that the NetScaler is also configured to use DFA, via the NetScaler Admin Console.
5. Check DFA policy.  DFA serverURL.
6. Check ClientID.  In this example it is 2189.

7. And when debugging DFA:
   1. Check that Authentication Policy has the correct DFA serverURL and Client ID.
   2. Debug output is in LogonPoint files.
   3. DFA enables NetScaler to defer authentication to StoreFront, extends RSA SecurID to external users, and is required to support integration with Authentication Manager RBA.
8. Then install RSA Authenticaiton Agent for Citrix StoreFront for tokens or fixed passcodes, with the StoreFront DFA configured to use RSA SecurID.
   Use the PowerShell cmdlet to configure SecurID and to verify that SecurIDAuthentication is set as the ConversationFactory.

Set-DSDFAProperty -ConversationFactory “SecurIDAuthenticationEnter

9. Use PowerShell cmdlets to verify that DFA is enabled on the Citrix StoreFront.  See the section of the RSA Authentication Agent for Citrix StoreFront 1.0 Installation and Administration Guide on how to "Configure Delegated Forms Authentication to Use RSA SecurID Authentication."
10. Finally install the RBA Helper app and configure RBA on top of the working SecurID passcode setup.
    1. The RBA Helper is a small IIS web application that provides a form which Authentication Manager needs to post the RBA credentials.
    2. The RBA Helper performs no authentication and is not displayed to the user, but can be configured to be visible in order to debug.
    3. The RBA Helper places the RBA credentials into a secure cookie and redirects the authentication to the DFA URL. An integration script running in the DFA URL collects the cookie and submits the credentials to the Citrix agent.

• The Citrix product documentation on how to configure NetScaler and StoreFront for Delegated Forms Authentication (DFA)
• Refer to the Citrix Developer Configuration Guide to complete this multi-step, non-trivial process, specifically the section on the “Procedure for Configuring NetScaler VPN Virtual Server."
• On each StoreFront server locate the <ProgramFiles>\Citrix\Receiver StoreFront\Management\Cmdlets\DFAServerFPReadMe.rtf.