Client error code 01/0000001 when connecting - SAML

Discussion in 'Parallels Remote Application Server' started by mmsa, Feb 26, 2026.

  1. mmsa

    mmsa Bit poster

    Messages:
    3
    Hi everyone
    I'm currently evaluating Parallels RAS and am running into an issue where the client can't connect.
    The client starts the browser and i can authenticate with the SAML IDP. I get the Authentication successful message from the portal and am redirected to the client. A few moments later i get following error:
    upload_2026-2-26_13-13-8.png
    I can't see any blocks on the Firewall or any helpful Log information. The best i found was an entr in the controller log, but i'm not certain it's related to the client message.
    [T 00/0000013D/T04D8/P15B0] 26-02-26 13:23:50 - 2XXMLSec: Signature is OK.
    [T 00/00000000/T04D8/P15B0] 26-02-26 13:23:50 - Failed: to read from socket closed by peer (0), handle 0000000000000B7C
    [T 00/00000000/T04D8/P15B0] 26-02-26 13:23:50 - Client Disconnect error : 183
    [T 00/00000000/T04D8/P15B0] 26-02-26 13:23:50 - Removing client socket handle 0000000000000B7C from list.
    [T 00/00000000/T04D8/P15B0] 26-02-26 13:23:50 - Try close socket, handle 0000000000000B7C


    The HTML5 Login in the same session works just fine.
    The only KB article i found https://kb.parallels.com/en/123015 didn't help.

    Any idea where to look?
     
    mmsa, Feb 26, 2026
    #1
  2. Mark Howell

    Mark Howell Junior Member

    Messages:
    11
    Hi,
    Which iDP are you using? I will send you a KB article specific to your iDP. Some configuration is required to launch an application via SAML.
    It's a 2-step process. The app listing, which it sounds like you have figured out, and starting the app.
    Thanks,
    Mark
     
    Mark Howell, Mar 3, 2026 at 5:42 AM
    #2
  3. mmsa

    mmsa Bit poster

    Messages:
    3
    Hi Mark
    Thank you.
    we're using Keycloak.
    Regards,
    Marco
     
    mmsa, Mar 6, 2026 at 12:23 AM
    #3
  4. Mark Howell

    Mark Howell Junior Member

    Messages:
    11
    Hi Marco,
    So it sounds like you have KeyCloak and RAS (iDP and SP) configured properly, and when you log in to KeyCloak, the Assertion and Attribute are making their way into RAS, and applications are being listed.
    This document: https://kb.parallels.com/124813 will help you complete the 2nd half of the 2-step process. If you are running RAS v20 or later, skip the first part about delegation. It is not required in v20 and above.
    There are some caveats to this document that I will add to this forum.
    Do you already have an Enrollment Server running? If so, how did you install it?
    Thanks,
    Mark.
     
    Mark Howell, Mar 6, 2026 at 4:20 AM
    #4
  5. Mark Howell

    Mark Howell Junior Member

    Messages:
    11
    Mark Howell, Mar 6, 2026 at 4:32 AM
    #5
  6. mmsa

    mmsa Bit poster

    Messages:
    3
    I've used this exact manual to install and configure the Enrollment Server. When logging in using the browser option I can also see that the certificates are issued by the PKI.
    But i will doublecheck, in order to make sure i didn't miss any setting.
    tanks,
    marco
     
    mmsa, Mar 6, 2026 at 5:10 AM
    #6

Share This Page