Jump to content
Welcome to our new Citrix community!

Malformed Assertion sent to Netscaler

Recommended Posts

I am attempting to setup Xenapp 7.12 and a Netscaler Gateway with SAML SSO authentication between two separate Forests. I have AD FS setup between the two Forests and I have Citrix installed and configured with the Netscaler Gateway. When I browse to the NetScaler Gateway URL it redirects me to the ADFS landing page where I select which domain I want to login to. When I make a selection it then sends me back to the Netscaler Gateway /cgi/samlauth and says "Malformed Assertion sent to Netscaler" and I am not sure where the issue is or what I need to do to fix it. I spent the afternoon working on this and made little progress. I'm hoping someone can point me in the right direction.

Link to comment
Share on other sites

I checked the Netscaler and the SAML server Signature Algorithm is set to use RSA-SHA256 and the Digest Method is set to SHA256 as well.


I have been leaning towards a certificate issue but I'm not sure what the issue is. I have two forests setup to test this. Essentially an "exterior.local" domain and "internal.local" domain. I set the adfs servers to use adfs.internal.local and adfs.exterior.local respectively. I created certificates for those names in their respective CA's. Citrix is installed on the internal.local domain so I used the adfs.internal.local certificate for the IDP Certificate. I tried switching them to the adfs.exterior.local certificate but it just made the situation worse.


Do the IDP certificates need to have some special features set for them to work? When I created them I generated essentially basic web server certificates out of the CA with a single name. I've thought about switching to a wildcard cert but I'm not sure if the name is the issue or not.

Link to comment
Share on other sites

  • 3 years later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...