Scenario: A Citrix Architect has deployed an authentication setup with a ShareFile load-balancing virtual server. The NetScaler is configured as the Service Provider and Portalguard server is utilized as the SAML Identity Provider. While performing the functional testing, the architect finds that after the users enter their credentials on the logon page provided by Portalguard, they get redirected back to the Netscaler Gateway page at uri /cgi/samlauth/ and receive the following error. "SAML Assertion verification failed; Please contact your administrator." The events in the /var/log/ns.log at the time of this issue are as follows: Feb 23 20:35:21 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM Message 3225369 0 : "SAML : ParseAssertion: parsed attribute NameID, value is nameid" Feb 23 20:35:21 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM Message 3225370 0 : "SAML verify digest: algorithms differ, expected SHA1 found SHA256" Feb 23 20:35:44 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM Message 3225373 0 : "SAML : ParseAssertion: parsed attribute NameID, value is named Feb 23 20:35:44 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM Message 3225374 0 : "SAML verify digest: Feb 23 20:37:55 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM Message 3225378 0 : "SAML : ParseAssertion: Feb 23 20:37:55 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM Message 3225379 0 : "SAML verify digest: What should the architect change in the SAML action to resolve this issue? A) Signature Algorithm to SHA 256 B) The Digest Method to SHA 256 C) The Digest Method to SHA 1 D) Signature Algorithm to SHA 1

Question

Quizplus · Accepted Answer

The Answer of Scenario: A Citrix Architect has deployed an authentication setup with a ShareFile load-balancing virtual server. The NetScaler is configured as the Service Provider and Portalguard server is utilized as the SAML Identity Provider. While performing the functional testing, the architect finds that after the users enter their credentials on the logon page provided by Portalguard, they get redirected back to the Netscaler Gateway page at uri /cgi/samlauth/ and receive the following error. "SAML Assertion verification failed; Please contact your administrator." The events in the /var/log/ns.log at the time of this issue are as follows: Feb 23 20:35:21 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM Message 3225369 0 : "SAML : ParseAssertion: parsed attribute NameID, value is nameid" Feb 23 20:35:21 10.148.138.5 23/02/2018:20:35:21 GMT vorsb1 0-PPE-0 : default AAATM Message 3225370 0 : "SAML verify digest: algorithms differ, expected SHA1 found SHA256" Feb 23 20:35:44 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM Message 3225373 0 : "SAML : ParseAssertion: parsed attribute NameID, value is named Feb 23 20:35:44 10.148.138.5 23/02/2018:20:35:44 GMT vorsb1 0-PPE-0 : default AAATM Message 3225374 0 : "SAML verify digest: Feb 23 20:37:55 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM Message 3225378 0 : "SAML : ParseAssertion: Feb 23 20:37:55 10.148.138.5 23/02/2018:20:37:55 GMT vorsb1 0-PPE-0 : default AAATM Message 3225379 0 : "SAML verify digest: What should the architect change in the SAML action to resolve this issue? A) Signature Algorithm to SHA 256 B) The Digest Method to SHA 256 C) The Digest Method to SHA 1 D) Signature Algorithm to SHA 1

Scenario: a Citrix Architect Has Deployed an Authentication Setup with a ShareFile