Errors using SecurAuth SAML to StoreFront Site


Article ID: CTX235395


Description

The customer is setting up a new SAML store that uses SecureAuth in place of smart cards for certain Mac users (because of a known compatibility issue between smart cards and Mac devices).

When navigating to the portal URL, entering the PIN and being redirected to a second URL, the following error is returned:

Error: at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml) at MFC.WebApp.SecureAuth.SAML20SPInitPost.ReceiveAuthnRequest(AuthnRequest& authnRequest, String& relayState) at MFC.WebApp.SecureAuth.SAML20SPInitPost.Page_Load(Object sender, EventArgs e)

Resolution

Review CTX220632 - How to Configure SAML - Introduction to make sure the prerequisites are installed.

Using domain\username for SAML authentication will not work. For SAML authentication to work, the UPN naming convention is needed.

Engage SecureAuth by opening a support case with them in order to decipher what the error message means and the recommended corrective actions. Debug view logs should also help the SecureAuth support team with that. Once StoreFront receives the credentials in the right format, the SAML authentication module should process the request successfully. The open question is how to deliver the credentials in the supported UPN format; once that is resolved, this can be discussed further.


Problem Cause

PC1 - Missing Pre-Requisites

https://support.citrix.com/article/CTX220632 (to launch resources using StoreFront SAML authentication, tokens are required, therefore FAS is required)

PC2 - Using a non-supported IdP

SecureAuth is NOT in the list of supported IdPs and has not been tested with Citrix StoreFront deployments, but StoreFront SAML deployments are possible when using SAML 2.0-compliant identity providers (IdPs).

PC3 - The credentials currently in use are in the domain name\username format, which is not a supported naming convention for SAML authentication. The UPN naming convention should be used instead.
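Before opening a case with the IdP vendor, it helps to look at the SAML Response the IdP actually posts to StoreFront and check the conditions listed under PC2 and PC3. The following diagnostic is an added example, not code from Citrix or SecureAuth; it parses a constructed SAML 2.0 Response and flags a DOMAIN\user NameID, a missing signature, and an Audience that does not match the StoreFront entity ID (the entity ID and user values are placeholders).

```python
# Added example (not from the Citrix article): inspect a SAML 2.0 Response sent
# to StoreFront and report the problem causes this article lists. The subject
# NameID must be a UPN (user@domain), not DOMAIN\user, and the message must be
# signed. The sample below is constructed; the entity ID is a placeholder.
import re
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
# user@domain.tld with no backslash, slash or whitespace in either part
UPN_RE = re.compile(r"^[^\\/@\s]+@[^\\/@\s]+\.[^\\/@\s]+$")

def check_saml_response(xml_text, expected_audience):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    root = ET.fromstring(xml_text)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return ["no <saml:Assertion> element in the Response"]
    name_id = assertion.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    if not name_id:
        findings.append("NameID is missing")
    elif "\\" in name_id:
        findings.append(f"NameID '{name_id}' is DOMAIN\\user format; StoreFront SAML needs a UPN")
    elif not UPN_RE.match(name_id):
        findings.append(f"NameID '{name_id}' is not in UPN (user@domain) format")
    # The signature may sit on the Response or on the Assertion; accept either.
    if root.find("ds:Signature", NS) is None and assertion.find("ds:Signature", NS) is None:
        findings.append("neither the Response nor the Assertion carries a <ds:Signature>")
    audience = assertion.findtext(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", default="", namespaces=NS).strip()
    if audience != expected_audience:
        findings.append(f"Audience '{audience}' does not match the StoreFront entity ID '{expected_audience}'")
    return findings

# Constructed sample: unsigned, DOMAIN\user NameID, placeholder audience.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>CORP\\jsmith</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction><saml:Audience>https://storefront.example.test/Citrix/StoreAuth</saml:Audience></saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for finding in check_saml_response(SAMPLE, "https://storefront.example.test/Citrix/StoreAuth"):
        print("-", finding)
```

Real responses are usually base64-encoded in the SAMLResponse form field, so decode that field first and pass the resulting XML to the function.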

Issue/Introduction

Trying to set up SAML authentication in StoreFront 3.12 leveraging an IdP provider called SecureAuth; getting the following error when redirecting the URL: Error: at ComponentSpace.SAML2.Utility.XmlSignature.Verify(XmlElement xmlElement, AsymmetricAlgorithm signingKey, SignedXml signedXml) at MFC.WebApp.SecureAuth.SAML20SPInitPost.ReceiveAuthnRequest(AuthnRequest& authnRequest, String& relayState) at MFC.WebApp.SecureAuth.SAML20SPInitPost.Page_Load(Object sender, EventArgs e)

Additional Information

StoreFront 3.12 SAML Authentication - https://docs.citrix.com/en-us/storefront/3-12/plan/user-authentication.html
Required Attributes in the SAML 2.0 message - https://msdn.microsoft.com/en-us/library/azure/dn641269.aspx