VIP ADFS PUSH notifications stuck in loop (VIP Service Exception: Access Denied)
search cancel

VIP ADFS PUSH notifications stuck in loop (VIP Service Exception: Access Denied)


Article ID: 175066


Updated On:


VIP Service


PUSH notifications stuck in a loop. If the PUSH is accepted, another follows. Or non-Java login fails with VIP Service Exception error. 

The VIP Plugin log shows 

VIP Service exception : System.Security.Cryptography.CryptographicException: Access Denied

System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
   at System.Security.Cryptography.
X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at SymcVIP.AuthenticationAdapterWindowsAccountName.SignUserName(String vipUser)
 6/4/2019 1:38:33 PM : Log File Path : C:\Program Files\Symantec\ADFS3\
 6/4/2019 1:38:33 PM : VipService Authentication URL:


The VIP ADFS plugin doesn't have sufficient rights to the VIP certificate being used for authentication. This is often caused by storing the VIP certificate in a folder where rights inherited from a folder or subfolder, preventing the cert from being properly accessed during VIP authentications. 


Place the VIP Certificate downloaded from VIP Manager into the ADFS plugin installation folder. (i.e., C:\Program Files\Symantec\ADFS). Change the path of the cert in the VIP ADFS configuration tool.