Citrix Access Gateway OAUTH IDP: Getting "Failed to login the user due to insufficient claims. Please contact your administrator"

The customer configured Citrix Access Gateway as an OAuth IDP with Workspace in Cloud. After user authentication completed, users received the error shown below:

"Failed to login the user due to insufficient claims. Please contact your administrator"

The Attributes sent by Citrix Access Gateway (OAuth IDP) can be seen in /var/log/ns.log.

In the log snippet below, the attributes (Name, UPN, CIP, SID, etc.) sent by Citrix Access Gateway (OAuth IDP) are blank.



Nov 6 13:55:09 <> XX.XX.XX.XX 06/11/2019:12:55:09 0-PPE-0 : default AAATM Message 3795 0 : “OAUTHIDP: CC IDTOKEN: user: <>’s claims are: sub:, name:, upn:, email:, ctx_auth_alias:, cip_domain:, cip_forest: sid:, oid:, amr:[“otp”], nonce:637085983001757588.Mjg2NWQ2YWMtZDI5OC00ZjQ4LTk0NDQtNTJlM2I1ZmVlNjBlOGQ0NzQ0OWUtNjZlMi00NjI0LWIzMWQtNTNjYzMzY2VkYzk0, familyname:, givename:, domain: , groups len 0
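To check ns.log for this condition without reading each line by eye, the following added example (not Citrix code) parses an "OAUTHIDP: CC IDTOKEN" line and lists which claims are blank. The `CHECKED` claim list is an assumption based on the attributes named above, the nonce in the first sample is replaced by a placeholder, and the second sample line is constructed.

```python
import re

KEY_RE = re.compile(r"(?:^|[\s,])([a-z_]+):")          # claim name followed by ':'
GROUPS_RE = re.compile(r",?\s*groups len (\d+)\W*$")   # trailing group count

# Log keys for the attributes the article names (Name, UPN, CIP, SID).
# Assumption: adjust to the claims your relying party actually needs.
CHECKED = ("name", "upn", "cip_domain", "cip_forest", "sid")

def parse_idtoken_claims(line):
    """Return {claim: value} for an 'OAUTHIDP: CC IDTOKEN' line, else None."""
    if "OAUTHIDP: CC IDTOKEN" not in line or "claims are:" not in line:
        return None
    body = line.split("claims are:", 1)[1]
    claims = {}
    m = GROUPS_RE.search(body)
    if m:
        claims["groups_len"] = int(m.group(1))
        body = body[:m.start()]
    keys = list(KEY_RE.finditer(body))
    for i, k in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(body)
        # Separators are inconsistent ("cip_forest: sid:,"), so slice between keys.
        claims[k.group(1)] = body[k.end():end].strip(" ,")
    return claims

def blank_claims(line, checked=CHECKED):
    """Checked claims that are empty or absent; None if not an IDTOKEN line."""
    claims = parse_idtoken_claims(line)
    if claims is None:
        return None
    return [c for c in checked if not claims.get(c)]

# The article's log line, with the nonce replaced by a constructed placeholder.
SAMPLE_BLANK = (
    'Nov 6 13:55:09 <> XX.XX.XX.XX 06/11/2019:12:55:09 0-PPE-0 : default AAATM '
    'Message 3795 0 : "OAUTHIDP: CC IDTOKEN: user: <>\'s claims are: sub:, name:, '
    'upn:, email:, ctx_auth_alias:, cip_domain:, cip_forest: sid:, oid:, '
    'amr:["otp"], nonce:CONSTRUCTED-NONCE, familyname:, givename:, domain: , '
    'groups len 0'
)
# Constructed line with populated claims (all values are made up).
SAMPLE_OK = (
    '"OAUTHIDP: CC IDTOKEN: user: alice\'s claims are: sub:alice@example.test, '
    'name:Alice Example, upn:alice@example.test, cip_domain:example, '
    'cip_forest:example.test sid:S-1-5-21-1-2-3-1104, amr:["pwd"], '
    'domain:example, groups len 2"'
)
```

Running `blank_claims` over every line of /var/log/ns.log and keeping the non-empty results shows which logins were issued an ID token with missing attributes.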



Indicio launches blockchain-enabled network for identity

Technology provider, a public benefit corporation advancing decentralized identity software and solutions, today announced the public availability of the Indicio MainNet, a professionally-staffed decentralized identity network designed for global enterprises that need a reliable platform to develop and scale identity services and products.

The development of the Hyperledger Indy-based network follows on the successful deployment of the Indicio TestNet, a market leader in decentralized identity networks.

The Indicio MainNet uses distributed ledger technology—multiple identical databases spread across different nodes—to enable the use of privacy-preserving verifiable digital credentials. This provides the foundation for flexible, portable, and permanent digital identities that are always under the control of the identity holder—the individual—and which provide an evolutionary leap forward in security.

“Our clients asked for a stable, fully-staffed network based on Hyperledger Indy— one that could provide the Service Level Agreements their customers need for mission-critical workloads,” said Heather Dahl, CEO of Indicio. “Today, we are excited to announce that this MainNet is open for business.”

“This is the network we need to accelerate adoption of passwordless zero trust ecosystems for enterprise customers” said Mike Vesey, President of IdRamp, a leader in decentralized identity and a Genesis Node Operator on the Network. “Our customers are developing service delivery ecosystems that require world class support, and leading edge features managed by a team with deep technical experience. The Indicio network provides exactly that.”

“The Indicio Network enables GlobaliD to deliver a digital identity platform that puts you in control of your identity and your data,” says Mitja Simcic, CTO of GlobaliD, one of the first companies to use Indicio’s MainNet. “Most digital identity platforms take ownership and control of your digital identity and your data for their own purposes. For instance, social media companies make money from selling your data to unauthorized third parties. Indicio is creating an ecosystem for providers that are working to make this practice obsolete. This network is bringing real change to real people, all over the world.”

The Value of Decentralized Identity

Decentralized identity allows individuals to control their own data and solves the privacy and security issues that undermine current models for handling identity online. This privacy-preserving model for identity, where everyone controls their own information, makes it easy for companies and organizations to comply with data privacy laws, makes business partner integrations more secure, and does away with the need for third-parties to manage and hold personally identifiable information (PII).

It is important to note that as part of Indicio’s governance, no personal data, such as names, addresses, or birth dates, are written to any of the Indicio Network ledgers. Instead, machine-readable cryptographic information identifies the issuer of the credential and the details that demonstrate the credential is authentic. With just a few writes to the Indicio MainNet, millions of credentials can be issued, all pointing to the same few ledger writes making the system easily scalable.

How to use the Indicio MainNet

Anyone using technology to verify a verifiable credential that is presented to them may access the Indicio MainNet for free. Several wallets currently in production now point to the Indicio Network, enabling credentials to be issued on, and read from, the Indicio Network.

Global innovators interested in becoming part of the Indicio Network are welcome to become an Indicio Node Operator. This diverse, supportive, and collaborative network of dynamic companies works together to support a copy of the ledger while helping to advance decentralized identity. Learn more about the other benefits of becoming a Node Operator.


Configure Citrix Endpoint Management as SAML IDP for ShareFile

This article provides an overview of how to configure ShareFile Single Sign-On (SSO) with Citrix Endpoint Management.

A working configuration of Citrix Gateway and Citrix Endpoint Management server can be leveraged for user authentication. Users signing into their ShareFile account using a web browser or Citrix Files clients will be redirected to the Citrix Gateway webpage for their credentials. After successful authentication by Citrix Endpoint Management server, the user receives a SAML token that is valid for sign-in to their Citrix ShareFile account.

You can also use the Citrix Endpoint Management server with Secure Hub for single sign-on (SSO) into Citrix Files MDX-wrapped applications. In this scenario, Secure Hub obtains a SAML token from the Citrix Endpoint Management server and automatically signs users into their Citrix ShareFile account without their entering credentials.