Jump to content
Welcome to our new Citrix community!

Netscaler(/ADC) 13 SAML to Safenet STA Storefront Error: FailedPasswordComplexity

Reinier van Dijk

Recommended Posts



Im trying to accomplish login on our Nerscaler(ADC) using SAML to our External identity provider (Safenet) 

So far I got the SAML login working, it was a quite straightforward setup.

I also see in the ns.log that the SAML Login succeed, however we get the lovely "Cannot complete your Request" error


"SAML: ParseAssertion: Response status success found !"  
"SAML: successfully verified digest and signature on saml:Response" 
 "aaatm_handler successfully parsed assertion client ip is c200050a, username is <Username>" 
"SAMLSP: LOGIN SUCCESS; Core <0>, Copying logout url <> to session for saml logout, user <Username>" 


I checked the eventlogs on the Storefront server and it reported the following error:




CitrixAGBasic single sign-on failed because the credentials failed verification with reason: FailedPasswordComplexity.

The credentials supplied were;
user: <Username>
domain: <OurDomain>



I have done some googling and Set the Credential Index To SECONDARY, but sadly this did not solve the problem either.

Beside that one I have no found any other potential fixes for this problem.

Anyone with some bright idea's?

Link to comment
Share on other sites

SAML Response should include the user's UPN (email address), not just samaccountname. NetScaler should be forwarding the UPN to StoreFront. NetScaler should not be including the domain (Session Profile > Published apps tab > SSO Domain). StoreFront should be configured to fully delegate credentials to NetScaler.

  • Like 2
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...