search cancel

VIP ADFS PUSH notification stuck in loop (VIP Service Exception: Access Denied)

book

Article ID: 175066

calendar_today

Updated On:

Products

VIP Integrations

Issue/Introduction

PUSH notifications stuck in a loop. If the PUSH is accepted, another follows. Or non-Java login fails with VIP Service Exception error. 

The VIP Plugin log shows 
 

 

VIP Service exception : System.Security.Cryptography.CryptographicException: Access Denied

System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName)
   at System.Security.Cryptography.
X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password, X509KeyStorageFlags keyStorageFlags)
   at SymcVIP.AuthenticationAdapterWindowsAccountName.SignUserName(String vipUser)
 6/4/2019 1:38:33 PM : Log File Path : C:\Program Files\Symantec\ADFS3\
 6/4/2019 1:38:33 PM : VipService Authentication URL: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_4

Cause

The VIP ADFS plugin doesn't have sufficient rights to the VIP certificate being used for authentication. This is often caused by storing the VIP certificate in a folder where rights inherited from a folder or subfolder, preventing the cert from being properly accessed during VIP authentications. 

Resolution

Place the VIP Certificate downloaded from VIP Manager into the ADFS plugin installation folder. (i.e., C:\Program Files\Symantec\ADFS). Change the path of the cert in the VIP ADFS configuration tool.