SSO to VDA fails (Azure AD IdP, connection


Kari Ruissalo

Question

We have set up SAML so that we're using Azure AD as IdP and Citrix Gateway as SP.

 

We have implemented Citrix FAS and are able to enumerate resources in StoreFront, but if we try launching an application we are stuck on the logon screen for a bit before the session is terminated.

 

In the VDA log I can see (Event ID 1030, Source Citrix Desktop Service):

The Citrix Desktop Service detected that a user session has ended. Session eca9299d-d73c-469d-bdee-8fbf0a45aa14 for user '' has ended; reason code ConnectionFailure.

 

We have the FAS policy in place and it's applied to Citrix Controllers, VDA and StoreFronts. The issuing CA is also found in the Intermediate Certificate Authorities Computer Account certificate store.

 

What are we missing?

 

Versions

Citrix ADC: 12.1 55.13

StoreFront: 1912

FAS: 1909

CVAD: 7.17

3 answers to this question
Your FAS logs should be showing you if there are errors associated with gaining the required auth components, and StoreFront is pretty verbose in logging too. With FAS it's often something simple like TrustRequestsSentToTheXmlServicePort configurations etc.

 

https://www.citrix.com/blogs/2019/04/24/troubleshooting-the-federated-authentication-service/

https://docs.citrix.com/en-us/federated-authentication-service/config-manage/troubleshoot-logon.html


Hi Kari Ruissalo, did you ever resolve this issue? If so, was it related to FAS or something else?

We seem to be getting the exact same error for some users and only when launching new published apps.

Apps that were published prior to whatever broke still launch successfully. But new apps that are published from the same image/machine catalog/delivery group trigger this error.

Again, this is not affecting everyone, only some users, and not sure if it is related to their Azure AD account or something on the Citrix Cloud Infrastructure.

On 6/9/2022 at 8:56 PM, Johnny Noe1709159771 said:

Hi Kari Ruissalo, did you ever resolve this issue? If so, was it related to FAS or something else?

We seem to be getting the exact same error for some users and only when launching new published apps.

Apps that were published prior to whatever broke still launch successfully. But new apps that are published from the same image/machine catalog/delivery group trigger this error.

Again, this is not affecting everyone, only some users, and not sure if it is related to their Azure AD account or something on the Citrix Cloud Infrastructure.

 

I think with this one it was about the CRL not being reachable. Got it fixed according to the Citrix article:

https://support.citrix.com/article/CTX219849
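
The CRL reachability problem named in the last reply can be checked on the VDA by building the certificate chain with online revocation checking forced. This is an added example, not part of the original posts or of the linked Citrix article; the certificate path is a placeholder for a certificate you have exported yourself, and the function names are hypothetical.

```powershell
# Added example: report per-certificate revocation status and CRL URLs.
param(
    # Assumption: a certificate issued by the CA that FAS uses, exported to a file.
    [string]$CertPath = 'C:\Temp\cert-to-check.cer'
)

function Get-CdpUrl {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    # 2.5.29.31 is the CRL Distribution Points extension.
    $ext = $Cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.31' }
    if (-not $ext) { return @() }
    [regex]::Matches($ext.Format($true), 'URL=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}

function Test-Revocation {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $ns = 'System.Security.Cryptography.X509Certificates'
    $chain = New-Object "$ns.X509Chain"
    # Force a live fetch of revocation data instead of relying on the cache.
    $chain.ChainPolicy.RevocationMode = 'Online'
    $chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'
    $chain.ChainPolicy.UrlRetrievalTimeout = [TimeSpan]::FromSeconds(15)
    [void]$chain.Build($Cert)

    foreach ($el in $chain.ChainElements) {
        $flags = ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
        [pscustomobject]@{
            Subject = $el.Certificate.Subject
            # RevocationStatusUnknown / OfflineRevocation here means the CRL
            # (or OCSP responder) could not be reached from this machine.
            Status  = if ($flags) { $flags } else { 'OK' }
            CdpUrls = (Get-CdpUrl $el.Certificate) -join '; '
        }
    }
}

$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
Test-Revocation $cert | Format-List
```

The built-in `certutil -verify -urlfetch <file>` performs a comparable check and prints each retrieval attempt. Results from an interactive session can differ from what the logon process sees if proxy settings differ between the two contexts.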