PUSH notifications stuck in a loop. If the PUSH is accepted, another follows. Or non-Java login fails with VIP Service Exception error.
The VIP Plugin log shows
VIP Service exception : System.Security.Cryptography.CryptographicException: Access Denied
at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
at SymcVIP.AuthenticationAdapterWindowsAccountName.SignUserName(String vipUser)
6/4/2019 1:38:33 PM : Log File Path : C:\Program Files\Symantec\ADFS3\
6/4/2019 1:38:33 PM : VipService Authentication URL: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_4
The VIP ADFS plugin doesn't have sufficient rights to the VIP certificate being used for authentication. This is often caused by storing the VIP certificate in a folder where rights inherited from a folder or subfolder, preventing the cert from being properly accessed during VIP authentications.
Place the VIP Certificate downloaded from VIP Manager into the ADFS plugin installation folder. (i.e., C:\Program Files\Symantec\ADFS). Change the path of the cert in the VIP ADFS configuration tool.