Jump to content
Updated Privacy Statement

Error: "Cannot complete your request" when login to the Netscaler with SAML


Go to solution Solved by netorcurs,

Recommended Posts

hi, 

can someone give me a hint, i can't find an error in my saml configuration, when i log in i find the following in the storefront eventlog:

eventerrors: 3, 8 & 10

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Error when requesting with HTTP-Status 404: Not Found.

Thanks!

Link to comment
Share on other sites

XML is trusted.

Eventlog - Error 10

 

Eine CitrixAGBasic-Anmeldeanforderung ist fehlgeschlagen.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.23.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
   bei Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
   bei Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Der Remoteserver hat einen Fehler zurückgegeben: (403) Unzulässig.
Url: https://127.0.0.1/Citrix/StoreSAMLAuth/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
   bei System.Net.HttpWebRequest.GetResponse()
   bei Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req)
   bei Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders)
   bei Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)

 

Link to comment
Share on other sites

13 minutes ago, Jeff Riechers said:

Make sure you have loopback using http enabled.  As you are using the loopback there that IP won't match your https cert.

Can you explain to me what you mean exactly?
i find it strange that i don't get a 2 factor query, shouldn't that already appear before this error message?

Link to comment
Share on other sites

As per my understanding you have ICA proxy setup, with NetScaler Gateway set to perform SAML authentication. In this scenario , user would authenticate at the IDP , and then submit assertion to NetScaler Gateway. Either IDP has to return the credential which you can submit to storefront using traffic policy or on the store the option delegate authentication to NetScaler gateway is enabled. https://docs.citrix.com/en-us/storefront/3-12/configure-authentication-and-delegation/configure-authentication-service.html  

Link to comment
Share on other sites

  • 2 weeks later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...