I’m trying to setup single sign-on to a new SaaS app with Citrix Access Control and ran into a strange issue. The SaaS app is rejecting my x.509 certificate because it is incorrect.
Let’s look at this a little closer.
When you create a new SSO configuration for a SaaS app in Citrix Access Control, there is a link on the right-side of the page that includes your metadata, which is specific to your workspace.
Selecting that link, gives you all of this information
In many cases, you can simply copy the information in the X509Certificate section and paste that into the SaaS app where it asks for the certificate. However, certain SaaS apps won’t be satisfied. Certain SaaS apps will say the certificate is invalid or not configured correctly.
To solve this, simply do the following:
- Copy the contents within the X509Certifiate section and paste into Notepad.
- In Notepad, add the following to the first line: —–BEGIN CERTIFICATE—–
- In Notepad, add the following to the last line: —–END CERTIFICATE—–
- Copy everything within Notepad and paste into the SaaS application
Certain SaaS apps require the Begin Certificate/End Certificate items.