Posted August 12, 20168 yr Netscaler NS11.1 47.14.nc Xenapp 7.9 StoreFront 3.6 Converting to SAML from a working Radius+LDAP environment. User attempts to log in and all seems working until the get to VDA. When users try to login they get "The request is not supported". Once they click "OK" they get presented and "empty" ID. Usually it would say a username. I click on "Other User" and log in with username and password, I log in successfully. Below is the log in the VDA re: SAML -------------------------- [s106] Identity Assertion Logon. Logging in [Certificate: [subject] CN=User1, OU=[NAME], OU=[NAME], DC=[NAME], DC=com [issuer] CN=[NAME]-CA, DC=[NAME], DC=com [serial Number] 4############################# [Not Before] 8/12/2016 9:12:42 AM [Not After] 8/19/2016 9:12:42 AM [Thumbprint] 166########## ] --------------------------- In Citrix Docs it has reference link to smart card setup. Does SMART CARD have to be enabled in any part of the SAML setup? What could be a possible cause? See Attachments for visual.
September 23, 20168 yr Author Roel, 1) Make sure your using UPN when passing the SAML from IDP to Netscaler 2) It may be related to Certificate Authority. Add this key to your VDAs HKEY_Local_Machine\System\CurrentControlSet\Control\LSA\Kerberos\Parameters Value Name: UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors Value Type: DWORD Value Data: 1 Let me know if this worked for you
April 25, 20196 yr On 2/20/2017 at 10:13 PM, Patrick Hazen1709157774 said: Solution B in https://support.citrix.com/article/CTX218941 fixed it for us. Also helpful to me.
Archived
This topic is now archived and is closed to further replies.