Citrix DaaS: Single sign-on (SSO) not working after enabling FAS


Article ID: CTX585686

Description

  • In the DaaS environment, Single sign-on (SSO) did not work after enabling FAS, and users were prompted to enter credentials.
  • FAS was enabled with Azure AD as IDP in a single-domain environment.
  • Event IDs 105, 120 and 121, logged on the FAS Server, indicated that the certificate was issued for the user by the Windows Certificate Authority (CA).
  • However, event ID 204 was not logged on the FAS Server. Event ID 204 confirms that the relying party (the Windows VDA) used the certificate to complete Windows single sign-on for the user, as authorized by Citrix Workspace and CIP in your Citrix Cloud tenant.
  • Event ID 106 was also not seen on the VDA. This event is logged each time the user launches the virtual desktop through Workspace and the certificate issued for the user by the CA is used for single sign-on.

Resolution

After uninstalling the Anixis Password Protection software, Citrix FAS authentication worked successfully.


Problem Cause

A third-party credential provider on the VDA was interfering with the logon process.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers\{F347212E-AF6B-4726-92B3-E4DF3388D58C}]
@="AnixisPPCProvider"
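
To find entries like this on a VDA, the following PowerShell lists every provider registered under the Credential Providers key and resolves the DLL behind each CLSID. It is an added example, not part of the Citrix article; the function name Get-CredentialProviderInventory and the "publisher is not Microsoft" heuristic are assumptions made for illustration.

```powershell
# Added example (not from the Citrix article): list every credential provider
# registered on this machine and the DLL that is loaded for it at logon.
function Get-CredentialProviderInventory {
    $root = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'

    foreach ($key in Get-ChildItem -LiteralPath $root) {
        $clsid = $key.PSChildName
        $dll = $null; $company = $null; $sig = $null

        # A credential provider is a COM in-process server; its DLL path is the
        # default value of HKCR\CLSID\<clsid>\InprocServer32.
        $inproc = "Registry::HKEY_CLASSES_ROOT\CLSID\$clsid\InprocServer32"
        if (Test-Path -LiteralPath $inproc) {
            $dll = (Get-Item -LiteralPath $inproc).GetValue('')
            # Bare file names are resolved from System32.
            if ($dll -and -not [IO.Path]::IsPathRooted($dll)) {
                $dll = Join-Path $env:SystemRoot "System32\$dll"
            }
        }
        if ($dll -and (Test-Path -LiteralPath $dll)) {
            $company = (Get-Item -LiteralPath $dll).VersionInfo.CompanyName
            $sig     = (Get-AuthenticodeSignature -LiteralPath $dll).Status
        }

        [pscustomobject]@{
            Clsid      = $clsid
            Name       = $key.GetValue('')   # default value, e.g. "AnixisPPCProvider"
            Dll        = $dll
            Company    = $company
            Signature  = $sig
            # Heuristic (assumption): a DLL whose publisher is not Microsoft, or
            # that could not be resolved at all, is flagged for review.
            ThirdParty = ($company -notmatch 'Microsoft')
        }
    }
}

# Show flagged providers first.
Get-CredentialProviderInventory |
    Sort-Object ThirdParty -Descending |
    Format-Table Name, Clsid, Company, Signature, ThirdParty -AutoSize
```

Entries with ThirdParty set to True are the candidates to review when FAS issues the certificate but the VDA never logs the single sign-on event.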
 
