Symantec App Center - AD users cannot be authenticate getting 401 - Unauthorized: Access is denied due to invalid credentials


Article ID: 159272


Updated On:


Symantec Products


After enabled External IDP (SAML), AD users cannot be authenticated when logging with App Center Agent.

In the App Center Agent, end user will get a error message saying:

401 - Unauthorized: Access is denied to invalid credentials.



Integrated Windows authentication (IWA) is set by default in the AD Federation Services. App Center supports "Forms-based authentication" (FBA) and it was not set in the web.config file.


In order to enable end users to be authenticated, we need to make sure that the "Forms-based authentication" (FBA) is properly set in the web.config file. FBA needs to be move to the top of the <localAuthenticationTypes> as below:


      <add name="Forms" page="FormsSignIn.aspx" />
      <add name="Integrated" page="auth/integrated/" />
      <add name="TlsClient" page="auth/sslclient/" />
      <add name="Basic" page="auth/basic/" />

The web.config file can be found under <>:\inetpub\adfs\ls. For more information, please see the following articles:

How to configure App Center with ADFS SAML provider

Configure ADFS for Forms Based Authentication (FBA):



Applies To

Symantec App Center 4.x

External Identity Provider - SAML