Citrix Files for Outlook SSO issue

  • 1
  • Question
  • Updated 2 weeks ago
Our users authenticate using SSO; from the IE browser, they can use SSO successfully (tested with https://secure.sharefile.eu and the subdomain, also Citrix Files for Windows is working fine, but from the Citrix Files for Outlook 6.3 version from March the 14th, they cannot use SSO to authenticate.

The authentication process stops at the WebPop, so SSO is not working. 

This is what is captured in the log at the moment they want to sign in:

2019-05-09T 11:42:40|INFO|[Startup]

2019-05-09T 11:42:40|INFO|[GlobalMessageListener] Registering message listeners.

2019-05-09T 11:42:41|ERROR|[RegistryHelper] Unable to get what's new version value from registry.

System.NullReferenceException: De objectverwijzing is niet op een exemplaar van een object ingesteld.

   bij Malone.Helpers.RegistryHelper.GetWhatsNewVersion()

2019-05-09T 11:42:42|INFO|[ConnectionService]  -> True

2019-05-09T 11:42:42|INFO|[Startup] Windows version Windows8.1 64-bit  (Microsoft Windows NT 6.3.9600.0)

2019-05-09T 11:42:42|INFO|[Startup] .NET Framework CLR version 4.0.30319.42000

2019-05-09T 11:42:42|INFO|[Startup] .NET Framework Version47OrLater

2019-05-09T 11:42:42|INFO|[Startup] Outlook version Outlook 2013 64-bit (15.0.0.5125)

2019-05-09T 11:42:42|INFO|[Startup] Plugin version 6.3.21.1

2019-05-09T 11:42:42|INFO|[Startup] Current UI culture nl

2019-05-09T 11:42:42|INFO|[Startup] Install Context PerMachine

2019-05-09T 11:42:42|INFO|[RegistryHelper] Added OLP to DoNotDisableAddinList in registry.

2019-05-09T 11:42:42|INFO|[InspectorService] Starting.

2019-05-09T 11:42:42|INFO|[ExplorerService] Starting.

2019-05-09T 11:42:42|INFO|[ExplorerService] Explorer opening. 1 explorers currently open.

2019-05-09T 11:42:48|INFO|[RibbonService] Disabling all controls

2019-05-09T 11:42:53|INFO|[LoginService] Attempting Login.

2019-05-09T 11:42:53|INFO|[LoginService] Attempting to log in new user.

2019-05-09T 11:42:53|INFO|[OAuthTokenProvider] Trying to get OAuth token using SSO authentication.

2019-05-09T 11:42:53|INFO|[OAuthTokenProvider] Detected VDA environment, attempting VDA SSO.

2019-05-09T 11:42:53|INFO|[VdaSsoTokenProvider] Attempting to load OAuth token from file.

2019-05-09T 11:42:53|INFO|[VdaSsoTokenStorageProvider] VDA SSO token file does not exist.

2019-05-09T 11:42:53|ERROR|[VdaSsoTokenProvider] No data received from vdaSso Authentication

2019-05-09T 11:42:53|INFO|[OAuthTokenProvider] Attempting SAML SSO.

2019-05-09T 11:42:53|INFO|[SamlAuthTokenProvider] Web pop is required.

2019-05-09T 11:42:53|INFO|[OAuthTokenProvider] Suppress Workspace App SSO.

2019-05-09T 11:42:53|INFO|[OAuthTokenProvider] Attempting WebPop authentication.


Photo of Vincent

Vincent

  • 4 Posts
  • 0 Reply Likes

Posted 2 weeks ago

  • 1
Photo of Vincent

Vincent

  • 4 Posts
  • 0 Reply Likes
In addition, the user hives for the registry are configured as follows:

[HKEY_CURRENT_USER\Software\Citrix\ShareFile\SSO]

"ApiCP"="sf-api.eu"

"AppCP"="sharefile.eu"

"Method"="saml-integrated"

"UserConfigurable"=dword:00000000

"Subdomain"="clientdomain"

"Domain"="sharefile.eu"

I also tried to get things working by removing the values "Method" and "UserConfigurable", without result.




Photo of Douglas Goodman

Douglas Goodman, Sr. Software Engineer

  • 105 Posts
  • 30 Reply Likes
Hi Vincent - Sorry to hear you're having trouble logging in with SSO. Can you please describe what happens when the login window (web pop) is displayed and what is preventing you from logging in? The lines from your log file stop at the point that the login window is opened, so it's hard to tell what happens next. Also the registry values seem to be fine.

Thanks,
Doug
Photo of Vincent

Vincent

  • 4 Posts
  • 0 Reply Likes
Hi Doug, what happens is that I expect that SSO should not get stuck on the login window and that the authentication process gets handled seamlessly by the plugin. This is not the case. I can login manually, but that is not the purpose of SSO and I have to do this everytime in a new session.
Photo of Douglas Goodman

Douglas Goodman, Sr. Software Engineer

  • 105 Posts
  • 30 Reply Likes
Ok, I understand what you're saying. I don't think your account is configured correctly for SSO with SAML integrated. The log line below indicates that for the subdomain you provided web-based login is required:

2019-05-09T 11:42:53|INFO|[SamlAuthTokenProvider] Web pop is required.

Honestly, I am not the best person to assist you with SAML configuration. I'll have someone else comment on this thread for further help.

Thanks,
Doug


Photo of Kevin Glenn

Kevin Glenn, Escalation Engineer

  • 167 Posts
  • 20 Reply Likes
Hi Vincent,

Have you tried toggling "Enable Web Authentication" in the Single Sign-On settings within the web application?
Photo of Vincent

Vincent

  • 4 Posts
  • 0 Reply Likes
Hi Kevin, forgot to mention this issue only occurs on our Citrix VDAs. "Normal" Windows 10 endpoints can apply SSO successfully.