ASA-3-716160: Failed to create SAML authentication request. reason: Failed to load private key

DIANNE DUNLAP · ‎01-21-2020

I've installed a CA (not self-signed) cert on ASA running 9.9(2) using SAML for authentication. The negotiation between the Anyconnect client (PC and Mac) work ok till the point where there's an Anyconnect error "Failed to generate SAML AuthnRequest". This is at the point where the ASA should be sending the request to the iDP.

Debug webvpn saml 255 shows:

%ASA-3-716160: Failed to create SAML authentication request. reason: Failed to load private key..

Jan 21 21:15:48 [SAML] build_authnrequest: Failed to load private key.

Jan 21 21:15:48

[SAML] build_authnrequest:

SAML AUTH: authentication pending

Both the identity and CA certs loaded ok and there's no indication as to what key cannot be loaded.

The ASA-3-716160 error message is nowhere in Cisco documentation and not found on a Google search, i.e. this is apparently the first time the message has been seen.

balaji.bandi · ‎01-21-2020

here is some reference may help you :

https://community.cisco.com/t5/vpn-and-anyconnect/anyconnect-client-with-saml-microsoft-aad/td-p/3989462

https://community.cisco.com/t5/vpn-and-anyconnect/anyconnect-authentication-using-microsoft-adfs-saml/m-p/3479195

https://community.cisco.com/t5/security-documents/anyconnect-vpn-client-faq/ta-p/3117980

https://community.cisco.com/t5/vpn-and-anyconnect/anyconnect-clientless-and-saml/m-p/3189480

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help