netorcurs Posted April 8 Share Posted April 8 hi, can someone give me a hint, i can't find an error in my saml configuration, when i log in i find the following in the storefront eventlog: eventerrors: 3, 8 & 10 System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Error when requesting with HTTP-Status 404: Not Found. Thanks! Link to comment Share on other sites More sharing options...
Jeff Riechers Posted April 8 Share Posted April 8 Look under the Applications and services Logs under Citrix Delivery Service. This usually is because you don't have delegation to NetScaler setup, or XML service not set to trust. Link to comment Share on other sites More sharing options...
netorcurs Posted April 8 Author Share Posted April 8 XML is trusted. Eventlog - Error 10 Eine CitrixAGBasic-Anmeldeanforderung ist fehlgeschlagen. Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.23.0.0, Culture=neutral, PublicKeyToken=null Authenticate encountered an exception. bei Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied) bei Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login() System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 Der Remoteserver hat einen Fehler zurückgegeben: (403) Unzulässig. Url: https://127.0.0.1/Citrix/StoreSAMLAuth/CitrixAGBasic/Authenticate ExceptionStatus: ProtocolError ResponseStatus: Forbidden bei System.Net.HttpWebRequest.GetResponse() bei Citrix.DeliveryServicesClients.Utilities.HttpHelpers.ReceiveResponse(HttpWebRequest req) bei Citrix.DeliveryServicesClients.Authentication.TokenIssuingClient.RequestToken(String url, RequestToken requestToken, String primaryToken, String languages, CookieContainer cookieContainer, IEnumerable`1 acceptedResponseTypes, IDictionary`2 additionalHeaders) bei Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied) Link to comment Share on other sites More sharing options...
Jeff Riechers Posted April 8 Share Posted April 8 Make sure you have loopback using http enabled. As you are using the loopback there that IP won't match your https cert. Link to comment Share on other sites More sharing options...
netorcurs Posted April 8 Author Share Posted April 8 13 minutes ago, Jeff Riechers said: Make sure you have loopback using http enabled. As you are using the loopback there that IP won't match your https cert. Can you explain to me what you mean exactly? i find it strange that i don't get a 2 factor query, shouldn't that already appear before this error message? Link to comment Share on other sites More sharing options...
Jeff Riechers Posted April 8 Share Posted April 8 When you have the NetScaler set to use SAML, the external federated provider does all the MFA and then returns with the data to the Storefront URL. Link to comment Share on other sites More sharing options...
Shruti Vijay Dhamale Posted April 8 Share Posted April 8 As per my understanding you have ICA proxy setup, with NetScaler Gateway set to perform SAML authentication. In this scenario , user would authenticate at the IDP , and then submit assertion to NetScaler Gateway. Either IDP has to return the credential which you can submit to storefront using traffic policy or on the store the option delegate authentication to NetScaler gateway is enabled. https://docs.citrix.com/en-us/storefront/3-12/configure-authentication-and-delegation/configure-authentication-service.html Link to comment Share on other sites More sharing options...
Solution netorcurs Posted April 18 Author Solution Share Posted April 18 It was a problem with our dns, redirected it to a wrong store ... Thanks for the help folks! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now