x.509 Certificate Rejected for SaaS SSO

I’m trying to setup single sign-on to a new SaaS app with Citrix Access Control and ran into a strange issue. The SaaS app is rejecting my x.509 certificate because it is incorrect.

Let’s look at this a little closer.

When you create a new SSO configuration for a SaaS app in Citrix Access Control, there is a link on the right-side of the page that includes your metadata, which is specific to your workspace.

Selecting that link, gives you all of this information

In many cases, you can simply copy the information in the X509Certificate section and paste that into the SaaS app where it asks for the certificate. However, certain SaaS apps won’t be satisfied. Certain SaaS apps will say the certificate is invalid or not configured correctly.

To solve this, simply do the following:

  1. Copy the contents within the X509Certifiate section and paste into Notepad.
  2. In Notepad, add the following to the first line: —–BEGIN CERTIFICATE—–
  3. In Notepad, add the following to the last line: —–END CERTIFICATE—–
  4. Copy everything within Notepad and paste into the SaaS application

Certain SaaS apps require the Begin Certificate/End Certificate items.

Daniel (Follow on Twitter @djfeller)
Citrix Workspace Poster
XenApp/XenDesktop On-Prem Poster
XenApp/XenDesktop Cloud Service Poster

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.