Cannot Complete Your Request when using Oauth on ADC

Article ID: CTX337200

Description

When using OAuth on ADC to perform SSO to StoreFront, users receive a "Cannot Complete Your Request" message.
Checking ns.log, you see a message similar to this: "OAUTH RP: Successfully verified incoming token/code, username: <Anonymous>, client ip 0x00000000". The StoreFront event viewer logs for Citrix also reference the username "Anonymous".

Resolution

In the OAuth SP configuration on ADC, check that -CertEndpoint is configured. It is necessary to decrypt the ID Token.
The CertEndpoint value is typically listed as jwks_uri in the IdP configuration.
jwks_uri can be found in the IdP's OpenID discovery document at the .well-known URI (https://<IDPFQDN>/.well-known/openid-configuration). This value needs to be configured as the -CertEndpoint of the OAuth SP on ADC.
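The following is an added helper, not part of the Citrix article, that automates the two checks above: it scans ns.log lines for the "username: <Anonymous>" symptom from the Description, and it derives the -CertEndpoint value from an IdP's OpenID discovery document. The ns.log line and the discovery document are constructed samples (the log prefix and the idp.example.com endpoints are invented; only the quoted OAUTH RP message comes from the article). The ADC CLI form `set authentication OAuthAction <name> -CertEndpoint <url>` is assumed here, and `oauth_sp_act` is a placeholder action name.

```python
import json
import re
from urllib.parse import urlparse

# Constructed ns.log lines. The quoted OAUTH RP message matches the article; the
# timestamp/host prefix is invented for the sample.
SAMPLE_NS_LOG = [
    'Jan  1 10:00:00 ns 0-PPE-0 : default AAATM Message 1 0 : '
    '"OAUTH RP: Successfully verified incoming token/code, username: <Anonymous>, client ip 0x00000000"',
    'Jan  1 10:00:05 ns 0-PPE-0 : default AAATM Message 2 0 : '
    '"OAUTH RP: Successfully verified incoming token/code, username: jdoe, client ip 0x0a000005"',
]

# Constructed OpenID discovery document (what https://<IDPFQDN>/.well-known/openid-configuration returns).
SAMPLE_DISCOVERY = json.dumps({
    "issuer": "https://idp.example.com",
    "authorization_endpoint": "https://idp.example.com/oauth2/authorize",
    "token_endpoint": "https://idp.example.com/oauth2/token",
    "jwks_uri": "https://idp.example.com/oauth2/keys",
})

OAUTH_RP_RE = re.compile(
    r'OAUTH RP: Successfully verified incoming token/code, '
    r'username: (?P<user>[^,]+), client ip (?P<ip>0x[0-9a-fA-F]{8})'
)


def anonymous_oauth_logins(lines):
    """Return (username, client_ip) for OAUTH RP lines whose username resolved to <Anonymous>.

    A non-empty result is the symptom the article describes: the token was
    accepted but no username claim was extracted from it.
    """
    hits = []
    for line in lines:
        m = OAUTH_RP_RE.search(line)
        if m and m.group("user").strip() == "<Anonymous>":
            hits.append((m.group("user"), m.group("ip")))
    return hits


def discovery_url(idp_fqdn):
    """Build the .well-known URI named in the article for a given IdP FQDN."""
    return f"https://{idp_fqdn}/.well-known/openid-configuration"


def cert_endpoint_from_discovery(discovery_json):
    """Extract jwks_uri from a discovery document; this is the -CertEndpoint value.

    Rejects documents without jwks_uri and non-HTTPS key endpoints, since ADC
    must be able to fetch the keys over a trusted channel.
    """
    doc = json.loads(discovery_json)
    jwks_uri = doc.get("jwks_uri")
    if not jwks_uri:
        raise ValueError("discovery document has no jwks_uri; -CertEndpoint cannot be derived")
    if urlparse(jwks_uri).scheme != "https":
        raise ValueError(f"jwks_uri is not https: {jwks_uri}")
    return jwks_uri


def adc_cert_endpoint_command(action_name, cert_endpoint):
    """Render the ADC CLI line that sets -CertEndpoint on the OAuth SP action (assumed syntax)."""
    return f'set authentication OAuthAction {action_name} -CertEndpoint "{cert_endpoint}"'


if __name__ == "__main__":
    for user, ip in anonymous_oauth_logins(SAMPLE_NS_LOG):
        print(f"anonymous OAuth login seen from client {ip}: check -CertEndpoint on the OAuth SP")
    print("fetch:", discovery_url("idp.example.com"))
    endpoint = cert_endpoint_from_discovery(SAMPLE_DISCOVERY)
    print(adc_cert_endpoint_command("oauth_sp_act", endpoint))
```

Run it against a real ns.log excerpt and the JSON returned by your IdP's discovery URL; the printed `set authentication OAuthAction` line is what you then compare with the existing OAuth SP action on the ADC.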

Problem Cause

The CertEndpoint information is required to decrypt the token data. Without it, the token cannot be decrypted, so the username attribute cannot be extracted and ADC logs the user as <Anonymous>.