
Citrix Storefront giving event id 2 and 10 after Netscaler uses saml to authenticate (NS as SP)


Richard Cowan1709159918


I am setting up a Netscaler as the SP with my1login as the IdP. I can confirm I have that part working successfully, but when I get to StoreFront I get the "Cannot complete request" error. In the event logs I am getting this error, event ID 10:

 

A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
   at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: https://127.0.0.1/Citrix/Remote_MFAAuth/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
   at System.Net.HttpWebRequest.GetResponse()
   at Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   at Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)
   at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
 

and event id 2:

 

Access is denied. Contact your system administrator.
Citrix.DeliveryServices.Security.Authentication.Exceptions.MissingDomainException, Citrix.DeliveryServices.Security, Version=3.12.0.0, Culture=neutral, PublicKeyToken=e8b77d454fa2a856
The domain of the credential cannot be determined.
   at Citrix.DeliveryServices.Security.Authentication.UserInfo.Parse(String username, String domain, String defaultDomain, String password, Nullable`1 passwordExpired)
   at Citrix.DeliveryServices.Authentication.CitrixAGBasic.Controllers.CitrixAGBasicController.AuthenticateWithoutPassword(String username, String domain, AccessInfo accessInfo)
   at Citrix.DeliveryServices.Authentication.CitrixAGBasic.Controllers.CitrixAGBasicController.Authenticate()

 

 

any help is greatly appreciated


  • 9 months later...

I'm having exactly the same error message on my StoreFront, but not using SAML. I can reproduce the issue if my password is expired and I have to set a new one via ADC gateway. LDAPS is configured with 636 and "Allow password change" is also enabled. Password is changed correctly, but getting "Cannot complete your request" from StoreFront; user has to relogon on a fresh browser session to gateway, then all is working fine.

 

Doing the same procedure directly to storefront web, no issues. Any ideas?

 

Best Regards

Julian


  • 9 months later...
On 6/7/2021 at 10:45 AM, Julian Jakob said:

I'm having exactly the same error message on my StoreFront, but not using SAML. I can reproduce the issue if my password is expired and I have to set a new one via ADC gateway. LDAPS is configured with 636 and "Allow password change" is also enabled. Password is changed correctly, but getting "Cannot complete your request" from StoreFront; user has to relogon on a fresh browser session to gateway, then all is working fine.

 

Doing the same procedure directly to storefront web, no issues. Any ideas?

 

Best Regards

Julian

 

Julian, I'm seeing the same issue on Netscaler (no SAML). Did you ever resolve this behavior?


11 hours ago, Austin Locke said:

 

Julian, I'm seeing the same issue on Netscaler (no SAML). Did you ever resolve this behavior?

 

Hello Austin,

 

this was a known issue in ADC Firmware:

 

In some cases, after the user password is changed, the following error message appears, Cannot complete your request.
The error occurs because the modified password is corrupted after encryption.
[ NSHELP-25437 ]

 

which is fixed starting with ADC 13.0 Build 71.40 and higher

 

Best Regards

Julian
