Scenario: A Citrix Architect has deployed an authentication setup with a ShareFile load-balancing virtual server. The NetScaler is configured as the Service Provider and Portalguard server is utilized as the SAML Identity Provider. While performing the functional testing, the architect finds that after the users enter their credentials on the logon page provided by Portalguard, they get redirected back to the Netscaler Gateway page at uri /cgi/samlauth/ and receive the following error.
“SAML Assertion verification failed; Please contact your administrator.”
The events in the /var/log/ns.log at the time of this issue are as follows:
Feb 23 20:35:21 <local0.err> 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM Message 3225369 0 : ”SAML : ParseAssertion: parsed attribute NameID, value is nameid”
Feb 23 20:35:21 <local0.err> 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM Message 3225370 0 : “SAML verify digest: algorithms differ, expected SHA1 found SHA256”
Feb 23 20:35:44 <local0.err> 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM Message 3225373 0 : “SAML : ParseAssertion: parsed attribute NameID, value is named
Feb 23 20:35:44 <local0.err> 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM Message 3225374 0 : “SAML verify digest: algorithms differ, expected SHA1 found SHA256”
Feb 23 20:37:55 <local0.err> 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM Message 3225378 0 : ”SAML : ParseAssertion: parsed attribute NameID, value is nameid”
Feb 23 20:37:55 <local0.err> 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM Message 3225379 0 : ”SAML verify digest: algorithms differ, expected SHA1 found SHA256”
What should the architect change in the SAML action to resolve this issue?
Comments