Jump to content
Welcome to our new Citrix community!
  • 0

Too many logins using ADFS > SAML > FAS


Question

Hi - I have just configured NetScaler 13 using ADFS to authenticate and SAML, and Xenapp 7.15 CU7 with FAS. Everything seems to work with the exception of:
1) After NetScaler authenticates through ADFS login,

2) I am forced to login a second time at the StoreFront server,

3) I get the page for selecting a server desktop

4) Which opens with error: User name or password is incorrect (and an OKAY button)

3) And then I need to login again for a third time - and then get to my requested server desktop.

 

Any suggestions as to how I can eliminate the last two required authentication requests and have the desktop accept the credentials from the first?

Link to comment

6 answers to this question

Recommended Posts

  • 0

Hi Carl -

Does StoreFront have callback configured to Gateway?   StoreFront does have Callback configured.

 

Is StoreFront configured to fully delegate credentials to Gateway?    When Pass-thru from Gateway is selected logins fail with "Cannot complete your request"

 

Is Gateway configured to not send a domain name but instead is only sending the user's UPN from the SAML Assertion?   Unsure - How do I check that?

 

Link to comment
  • 0
20 minutes ago, Carl Stalhood1709151912 said:

Pass-through from Gateway must be enabled. Also, in Authentication Settings, click the gear icon for Gateway auth and click Credentials Delegation. Make sure it's checked.

 

Then check StoreFront Server > Event Viewer > Applications and Services > Citrix Delivery Services.

Hi Carl -

Every time I enable Pass-thru from Gateway I get Cannot complete your Request.
With it enabled, Events show Event IDs

10 - The remote server returned an error: (403) Forbidden.,

8 - None of the AG callback services responded

3 - The request was aborted: Could not create SSL/TLS secure channel..

 

Credential Delegation is checked.

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...