VIP ADFS authentication fails with 'Failed to encrypt VIP cert password due to ... CryptographicException'

Article ID: 184905

Products

VIP Integrations

Issue/Introduction

VIP authentication fails with the AD FS integration.

VIP Service exception : System.Security.Cryptography.CryptographicException: The specified network password is not correct.

   at System.Security.Cryptography.CryptographicException.ThrowCryptographicException(Int32 hr)
   at System.Security.Cryptography.X509Certificates.X509Utils._QueryCertFileType(String fileName, IntPtr password, UInt32 dwFlags, Boolean persistKey, SafeNetCertContextHandle& pCertCtx)
   at System.Security.Cryptography.X509Certificates.X509Certificate.LoadCertificateFromFile(String fileName, Object password, X509KeyStorageFlags keyStorageFlags)
   at System.Security.Cryptography.X509Certificates.X509Certificate2..ctor(String fileName, String password)

...
 6/4/2019 1:38:33 PM : Log File Path : C:\Program Files\Symantec\ADFS3\
 6/4/2019 1:38:33 PM : VipService Authentication URL: https://userservices-auth.vip.symantec.com/vipuserservices/AuthenticationService_1_4

Cause

The VIP ADFS plugin is pinned to the incorrect root CA. 

Resolution

Follow the instructions in "How to upgrade VIP AD FS Two-factor authentication plugin" to upgrade the ADFS plugin.

Place the VIP certificate downloaded from VIP Manager into the ADFS plugin installation folder (i.e., C:\Program Files\Symantec\ADFS). Change the path of the certificate in the VIP ADFS configuration tool, then restart the AD FS service.
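
Before pointing the configuration tool at the new file, it can help to confirm that the certificate and its password load cleanly outside the plugin, using the same .NET class that appears in the stack trace. The following is an added example, not part of the original article or the VIP plugin; the function name `Test-VipCertFile` and the file name `vip_cert.p12` are placeholders, and `adfssrv` is assumed to be the AD FS Windows service name on the server.

```powershell
# Added diagnostic example; not Symantec/Broadcom code.
function Test-VipCertFile {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [securestring] $Password
    )

    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        throw "Certificate file not found: $Path"
    }

    try {
        # The stack trace shows X509Certificate2(fileName, String password);
        # the SecureString overload is used here so the password is not
        # typed or stored as plain text in the session.
        $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($Path, $Password)
    }
    catch {
        # A wrong password or a damaged file raises the same
        # CryptographicException that appears in the plugin log.
        $inner = $_.Exception.GetBaseException()
        Write-Warning ("Load failed: {0}: {1}" -f $inner.GetType().FullName, $inner.Message)
        return
    }

    try {
        $now = Get-Date
        [pscustomobject]@{
            Subject       = $cert.Subject
            Issuer        = $cert.Issuer
            NotBefore     = $cert.NotBefore
            NotAfter      = $cert.NotAfter
            HasPrivateKey = $cert.HasPrivateKey
            ValidNow      = ($now -ge $cert.NotBefore -and $now -le $cert.NotAfter)
        }
    }
    finally {
        $cert.Reset()   # release the certificate handle
    }
}

# Placeholder file name; use the file actually downloaded from VIP Manager.
$certPath = 'C:\Program Files\Symantec\ADFS\vip_cert.p12'
$pw = Read-Host -AsSecureString -Prompt 'VIP certificate password'
Test-VipCertFile -Path $certPath -Password $pw

# After restarting AD FS, confirm the service came back up (assumed service name).
Get-Service -Name adfssrv | Select-Object Name, Status
```

If the function returns an object with `HasPrivateKey` and `ValidNow` both true, the file and password are usable, and a remaining failure points back to the plugin itself rather than the certificate.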