StoreFront 3.12 - SAML authentication is not working when using an IdP like ForgeRock



Article ID: CTX272454


Description

StoreFront 3.12: SAML authentication fails when the identity provider (IdP) is ForgeRock or a similar product.

Error message shown on the StoreFront page

Error Message: "There was a Failure with mapped account."

The following error is logged in Event Viewer (Citrix Delivery Services channel, source "Citrix Authentication Service", Event ID 1):

The security token failed validation.
System.Security.Cryptography.CryptographicException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Digest verification failed for Reference '#s2d0dbe06b941391e7c6c5ca25b1c37b853e73e2cb'.
   at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
   at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
   at System.IdentityModel.SignedXml.EnsureDigestValidity(String id, Object resolvedXmlSource)
   at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
   at System.IdentityModel.EnvelopedSignatureReader.Read()
   at System.Xml.XmlReader.ReadEndElement()
   at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadAssertion(XmlReader reader)
   at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadToken(XmlReader reader)
   at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader)
   at Citrix.DeliveryServices.Authentication.Saml20.SamlExtensions.GetSecurityToken(String assertion, SecurityTokenHandlerCollection securityTokenHandlers)
   at Citrix.DeliveryServices.Authentication.Saml20.SamlManager.ProcessSamlResponse(String base64EncodedResponse, Boolean compressed)

Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Citrix Authentication Service" />
    <EventID Qualifiers="0">1</EventID>
    <Level>2</Level>
    <Task>1263</Task>
    <Keywords>0x80000000000000</Keywords>
    <TimeCreated SystemTime="2019-10-01T10:17:09.000000000Z" />
    <EventRecordID>22543</EventRecordID>
    <Channel>Citrix Delivery Services</Channel>
    <Computer>StoreFront</Computer>
    <Security />
  </System>
  <EventData>
    <Data>The security token failed validation.
System.Security.Cryptography.CryptographicException, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
Digest verification failed for Reference '#s2d0dbe06b941391e7c6c5ca25b1c37b853e73e2cb'.
   at System.IdentityModel.Reference.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
   at System.IdentityModel.StandardSignedInfo.EnsureDigestValidityIfIdMatches(String id, Object resolvedXmlSource)
   at System.IdentityModel.SignedXml.EnsureDigestValidity(String id, Object resolvedXmlSource)
   at System.IdentityModel.EnvelopedSignatureReader.OnEndOfRootElement()
   at System.IdentityModel.EnvelopedSignatureReader.Read()
   at System.Xml.XmlReader.ReadEndElement()
   at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadAssertion(XmlReader reader)
   at System.IdentityModel.Tokens.Saml2SecurityTokenHandler.ReadToken(XmlReader reader)
   at System.IdentityModel.Tokens.SecurityTokenHandlerCollection.ReadToken(XmlReader reader)
   at Citrix.DeliveryServices.Authentication.Saml20.SamlExtensions.GetSecurityToken(String assertion, SecurityTokenHandlerCollection securityTokenHandlers)
   at Citrix.DeliveryServices.Authentication.Saml20.SamlManager.ProcessSamlResponse(String base64EncodedResponse, Boolean compressed)
</Data>
  </EventData>
</Event>

Resolution

This issue is fixed in StoreFront 1912 LTSR CU1; upgrade to that release or later. The assertion is being rejected by the XML signature digest check, which is the correct outcome for a token that does not verify, so the fix is the upgrade, not weakening signature validation on the store.

Problem Cause

The SAML token returned by the IdP contains line breaks, and StoreFront 3.12 cannot process such a token: the digest it recomputes over the signed Reference no longer matches the DigestValue in the IdP's signature, so the Saml2SecurityTokenHandler rejects the assertion with "Digest verification failed", and the store reports the mapped-account failure shown above.
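To show why stray line breaks end in a "Digest verification failed" error, here is an added example (written for this page, not Citrix or ForgeRock code) that models the ds:Reference digest step of an XML signature in Python. The assertion text, identifiers and URLs are constructed; the page does not say which side alters the whitespace in the StoreFront 3.12 fault, so the example shows both directions, and also shows that line breaks inside the base64 DigestValue text itself are harmless.

```python
"""Why line breaks in a signed SAML assertion break XML-DSig digest checks.

Added example, not Citrix or ForgeRock code. The verifier canonicalises the
signed element and hashes it, then compares the result with the DigestValue
the IdP placed in the signature. Whitespace between elements is part of the
canonical form, so any change to it between signing and verifying changes
the digest.
"""
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

# Constructed sample assertion (ID, issuer and subject are made up). The
# ds:Signature element is left out: the enveloped-signature transform removes
# it before digesting anyway, so this is the content the digest covers.
COMPACT_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_a1b2c3" IssueInstant="2019-10-01T10:17:00Z" Version="2.0">'
    "<saml:Issuer>https://idp.example.test</saml:Issuer>"
    "<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>"
    "</saml:Assertion>"
)


def pretty_print(xml_text: str) -> str:
    """Put a newline between adjacent tags, as a pretty-printing IdP would."""
    return re.sub(r">\s*<", ">\n<", xml_text)


def strip_inter_element_whitespace(xml_text: str) -> str:
    """Drop whitespace-only text between tags, which is what a parser that
    discards 'insignificant' whitespace does before re-serialising."""
    return re.sub(r">\s+<", "><", xml_text)


def reference_digest(xml_text: str) -> str:
    """Base64 SHA-256 over the canonical form (C14N 2.0, whitespace kept).

    Stands in for the ds:Reference digest step. Real SAML deployments mostly
    use exclusive C14N 1.0, which also keeps inter-element whitespace.
    """
    canonical = ET.canonicalize(xml_data=xml_text, strip_text=False)
    return base64.b64encode(hashlib.sha256(canonical.encode()).digest()).decode()


def digest_matches(digest_value_b64: str, received_xml: str) -> bool:
    """Verifier side: recompute over what was received, compare to DigestValue."""
    expected = base64.b64decode(digest_value_b64)  # decoder ignores embedded newlines
    actual = base64.b64decode(reference_digest(received_xml))
    return hmac.compare_digest(expected, actual)


def signed_compact_received_pretty() -> bool:
    """IdP signs compact XML; something re-serialises it with line breaks
    before the SP sees it. The digest no longer matches."""
    signed_digest = reference_digest(COMPACT_ASSERTION)
    return digest_matches(signed_digest, pretty_print(COMPACT_ASSERTION))


def signed_pretty_verifier_strips() -> bool:
    """IdP signs XML that already has line breaks; the SP's parser drops
    the whitespace before verifying. Also a mismatch."""
    pretty = pretty_print(COMPACT_ASSERTION)
    signed_digest = reference_digest(pretty)
    return digest_matches(signed_digest, strip_inter_element_whitespace(pretty))


def signed_pretty_verifier_preserves() -> bool:
    """Same token with line breaks, verifier preserves whitespace: verifies."""
    pretty = pretty_print(COMPACT_ASSERTION)
    return digest_matches(reference_digest(pretty), pretty)


def wrapped_digest_value_still_verifies() -> bool:
    """Line breaks inside the base64 DigestValue (MIME-style wrapping) are
    tolerated by base64 decoding and do not cause a mismatch."""
    digest = reference_digest(COMPACT_ASSERTION)
    wrapped = "\n".join(digest[i:i + 16] for i in range(0, len(digest), 16))
    return digest_matches(wrapped, COMPACT_ASSERTION)


if __name__ == "__main__":
    print("signed compact, received pretty-printed:", signed_compact_received_pretty())
    print("signed pretty, verifier strips whitespace:", signed_pretty_verifier_strips())
    print("signed pretty, verifier keeps whitespace:", signed_pretty_verifier_preserves())
    print("wrapped base64 DigestValue:", wrapped_digest_value_still_verifies())
```

The two failing scenarios are the ones that produce the stack trace above: whichever side changed the inter-element whitespace, the bytes fed to the hash differ from the bytes the IdP signed. The last function is the reason "line breaks in the token" has to be read as line breaks in the XML, not in the encoded signature values: a wrapped DigestValue or SignatureValue decodes to the same bytes.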