"Cannot complete your request." After Azure AD/SAML Authentication


Article ID: CTX310910


Description

Users connecting externally through ADC with Azure AD MFA authentication are redirected to the StoreFront store's Receiver for Web site and receive a "Cannot complete your request." notification.

The following Event IDs are displayed in the 

Log Name: Citrix Delivery Services
Source: Citrix Domain Services
Date:
Event ID: 1
Task Category: (1501)
Level: Information
Keywords: Classic
User: N/A
Computer: 
Description:

An authentication attempt was made for user: DomainName\FirstName.LastName with realm context that resulted in: Failed (Windows Error code: -1073741715)

Log Name: Citrix Delivery Services
Source: Citrix Authentication Service
Date: 
Event ID: 7
Task Category: (1005)
Level: Error
Keywords: Classic
User: N/A
Computer: 
Description:
CitrixAGBasic single sign-on failed because the credentials failed verification with reason: Failed.

The credentials supplied were;
user: FirstName.LastName
domain:


Log Name: Citrix Delivery Services
Source: Citrix Receiver for Web
Date: 
Event ID: 10
Task Category: (3001)
Level: Error
Keywords: Classic
User: N/A
Computer: 
Description:
A CitrixAGBasic Login request has failed.
Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticatorException, Citrix.DeliveryServicesClients.Authentication, Version=3.12.0.0, Culture=neutral, PublicKeyToken=null
Authenticate encountered an exception.
at Citrix.DeliveryServicesClients.Authentication.AG.AGAuthenticator.Authenticate(HttpRequestBase clientRequest, Boolean& passwordSupplied)
at Citrix.Web.AuthControllers.Controllers.GatewayAuthController.Login()

System.Net.WebException, System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
The remote server returned an error: (403) Forbidden.
Url: http://127.0.0.1/Citrix/StoreAuth/CitrixAGBasic/Authenticate
ExceptionStatus: ProtocolError
ResponseStatus: Forbidden
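
For triage, the signed "Windows Error code" in Event ID 1 can be converted to its unsigned NTSTATUS form and set beside the user and domain that Event ID 7 reports as supplied. The following Python is an added example, not Citrix code; the sample events, the `EXAMPLE\jane.doe` account and the function names are constructed for illustration.

```python
import re
# Constructed sample shaped like the event descriptions above (placeholder names).
SAMPLE_EVENTS = [
    {"id": 1, "text": "An authentication attempt was made for user: "
                      "EXAMPLE\\jane.doe with realm context that resulted in: "
                      "Failed (Windows Error code: -1073741715)"},
    {"id": 7, "text": "CitrixAGBasic single sign-on failed because the "
                      "credentials failed verification with reason: Failed.\n\n"
                      "The credentials supplied were;\nuser: jane.doe\ndomain:\n"},
]

NTSTATUS_NAMES = {  # subset of logon status codes, values from ntstatus.h
    0xC0000064: "STATUS_NO_SUCH_USER", 0xC000006A: "STATUS_WRONG_PASSWORD",
    0xC000006D: "STATUS_LOGON_FAILURE", 0xC0000234: "STATUS_ACCOUNT_LOCKED_OUT",
}

PATTERNS = {  # fields worth comparing against the SAML name claim
    "user": r"for user:\s*(\S+)",
    "code": r"Windows Error code:\s*(-?\d+)",
    "sso_user": r"^user:[ \t]*(.*)$",
    "sso_domain": r"^domain:[ \t]*(.*)$",
}

def to_ntstatus(signed_code):
    """Reinterpret the signed 32-bit code from the event text as unsigned."""
    return signed_code & 0xFFFFFFFF

def parse_event(text):
    """Extract whichever of the PATTERNS fields this description contains."""
    out = {}
    for field, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m:
            out[field] = m.group(1).strip()
    if "code" in out:
        status = to_ntstatus(int(out.pop("code")))
        out["ntstatus"] = f"0x{status:08X}"
        out["status_name"] = NTSTATUS_NAMES.get(status, "unknown")
    return out

def summarize(events):
    """Merge the parsed events into one record of the failed logon."""
    record = {}
    for event in events:
        record.update(parse_event(event["text"]))
    return record

if __name__ == "__main__":
    print(summarize(SAMPLE_EVENTS))
```

The error code -1073741715 from Event ID 1 is 0xC000006D, STATUS_LOGON_FAILURE: the domain rejected the user name or credentials that StoreFront was handed.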

Resolution

The credential format was changed from onpremisessamaccountname to user.onpremisessamaccountname for the SAML Policy in Azure AD.

Problem Cause

The credential format was onpremisessamaccountname for the SAML Policy in Azure AD.