SAML VDA error-"The Request is not supported"

[Eddie Santana]

Netscaler NS11.1 47.14.nc

Xenapp 7.9

StoreFront 3.6

Converting to SAML from a working Radius+LDAP environment.

 

 

User attempts to log in and all seems working until the get to VDA.

When users try to login they get "The request is not supported".

Once they click "OK" they get presented and "empty" ID. Usually it would say a username. 

I click on "Other User" and log in with username and password, I log in successfully. 

 

Below is the log in the VDA re: SAML 

 

--------------------------

 

[s106] Identity Assertion Logon.  Logging in [Certificate: [subject]

  CN=User1, OU=[NAME], OU=[NAME], DC=[NAME], DC=com

 

[issuer]

  CN=[NAME]-CA, DC=[NAME], DC=com

 

[serial Number]

  4#############################

 

[Not Before]

  8/12/2016 9:12:42 AM

 

[Not After]

  8/19/2016 9:12:42 AM

 

[Thumbprint]

  166##########

]

 

---------------------------

 

In Citrix Docs it has reference link to smart card setup.

Does SMART CARD have to be enabled in any part of the SAML setup?

What could be a possible cause?

 

See Attachments for visual.

 

 

 

 

 

[Chenxue Wu]

On 2/20/2017 at 10:13 PM, Patrick Hazen1709157774 said:

Solution B in https://support.citrix.com/article/CTX218941 fixed it for us.

Also helpful to me.

[Roel Cranen]

Hi Eddie,

 

did you ever got this fixed? I'm running into the same issue.

[Eddie Santana]

Roel,

 

1) Make sure your using UPN when passing the SAML from IDP to Netscaler

 

2) It may be related to Certificate Authority. Add this key to your VDAs

HKEY_Local_Machine\System\CurrentControlSet\Control\LSA\Kerberos\Parameters

Value Name: UseCachedCRLOnlyAndIgnoreRevocationUnknownErrors 
Value Type: DWORD 
Value Data: 1 

 

Let me know if this worked for you

[Patrick Hazen1709157774]

Solution B in https://support.citrix.com/article/CTX218941 fixed it for us.