Citrix ServiceDesk ADFS work around

 

 

Recently we have implemented single signon w/ADFS 3.0 to Citrix ServiceDesk

It was a fairly straightforward rollout following the folliwng guide.

Set Up Single Sign-On using ADFS 3.0

Howver, when getting to the point of creating the trust on the Citrix using the Citrix Identity webform/Organization center the process fail flat.

not getting any redirects to our ADFS page just a simple generic error provided by the gotoassist page.

After verifying the ADFS configuration on my side multiple times we submitted a ticket to Citrix.

It was escalated to engineering and after a few days got a workaround!

“Engineering believes they’ve found a bug with metadata wrongly being rejected from the authentication process”

In the identity provider section of the organization center where it calls for our metadata URL replace that with the following URL

https://ssl-proxy.my-addr.org/myaddrproxy.php/https/adfs.mydomain.com/FederationMetadata/2007-06/FederationMetadata.xml

As you can see, their solution is to us ssl-proxy.my-addr.org which is according to them a temporary fix until they can clean up the bug rejecting metadata.

 

casey jones / September 4, 2015 / ADFS / 0 Comments