On-prem ADC configured as SAML IdP for Workspace in Citrix Cloud. This ADC is just doing single-factor (LDAP) authentication. When we browse to our cloud gateway we are redirected to the NetScaler, where we authenticate with username and password. After authenticating against the NetScaler, we are redirected back to Workspace, where we see an error stating that federated authentication has failed. We see that Citrix Cloud returns an HTTP 400 Bad Request response, but we are not sure what about the request/payload WS doesn't like that results in the 400 Bad Request.
Gateway Service :: returns an HTTP 400 Bad Request response.
Root cause :: The callback from WS to the ADC to validate the OAuth token exchange fails because it is dropped by the on-prem firewall.
Cloud Citrix SAML SP logs
===========================
RequestUri=https://accounts.cloud.com/core/login-cip CallerIp=[*******] HttpMethod=POST RequestType=PostLogin IdpType=cipfed Environment= Method=CipMiddleware.AuthenticationFailed Message=Authentication failure due to error: "". Redirect to /core/callback?error=Federated%20authentication%20failed..
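As an added example (not part of the original note), a small Python parser for the Citrix Cloud SAML SP log line format shown above: it splits the Key=value fields, URL-decodes the error carried on the /core/callback redirect, and flags the pattern seen in this case (AuthenticationFailed from a cipfed IdP with an empty inner error) so the on-prem firewall rule for the Workspace-to-ADC callback is the first thing checked. The log line is a constructed sample modelled on the one above, and the mapping from that pattern to the firewall check is this note's root cause, not a general Citrix rule.

```python
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Constructed sample, modelled on the SAML SP log line in this note.
SAMPLE_LOG = (
    'RequestUri=https://accounts.cloud.com/core/login-cip CallerIp=[*******] '
    'HttpMethod=POST RequestType=PostLogin IdpType=cipfed Environment= '
    'Method=CipMiddleware.AuthenticationFailed '
    'Message=Authentication failure due to error: "". '
    'Redirect to /core/callback?error=Federated%20authentication%20failed..'
)

# Fields are "Key=value" pairs; a value runs until the space that precedes the
# next "Key=" (or end of line), so the free-text Message may contain spaces.
_FIELD_RE = re.compile(r'(\w+)=(.*?)(?=\s\w+=|$)')


def parse_sp_log_line(line: str) -> dict:
    """Split one Citrix Cloud SAML SP log line into a {field: value} dict."""
    return {key: value for key, value in _FIELD_RE.findall(line.strip())}


def redirect_error(message: str) -> Optional[str]:
    """Return the URL-decoded ?error= value from the 'Redirect to ...' part."""
    match = re.search(r'Redirect to (\S+)', message)
    if not match:
        return None
    target = match.group(1).rstrip('.')  # strip the trailing sentence dots
    return parse_qs(urlsplit(target).query).get('error', [None])[0]


def classify_failure(fields: dict) -> str:
    """Map a failed federated login to the first thing worth checking."""
    if fields.get('Method') != 'CipMiddleware.AuthenticationFailed':
        return 'ok'
    message = fields.get('Message', '')
    err = redirect_error(message) or 'unknown error'
    # In this note, an empty inner error ("") from a cipfed (on-prem ADC) IdP
    # meant Workspace never got an answer on its token-validation callback
    # to the ADC: the on-prem firewall was dropping that callback.
    if fields.get('IdpType') == 'cipfed' and 'error: ""' in message:
        return f'{err}: check on-prem firewall allows the Workspace -> ADC callback'
    return f'{err}: other federated authentication failure'


if __name__ == '__main__':
    parsed = parse_sp_log_line(SAMPLE_LOG)
    print(classify_failure(parsed))
```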