topic Re: SAML identity provider auth issue in Firewall and Security Management

SAML identity provider auth issue

the_rock — Thu, 17 Feb 2022 00:13:52 GMT

Hey team,

I really hope someone can help me with suggestion/advice on this. My colleague and I tried to test this for a customer and we cant get it working no matter what we do. I know I got this working with another client few months back by following same procedure as below:

SAML authentication in Remote Access VPN clients (checkpoint.com)

Im testing this in lab with 2 single gateway on R81.10 jumbo 30. For context, IP of gateway is 172.16.10.78...now, we set up identity provider and all shows green in smart console. We then made sure remote access is set up right, auth method is there as per document and it does show when trying to connect via vpn client, BUT, the actual page never comes up, though log in works on identity provider side that my colleague set up with my email address.

Also, I could be mistaken when I say this, but Im pretty certain below page should work, but it does not...

https://172.16.10.78/saml-vpn

I attached some screenshot for reference. If someone can give any guidance, I would be very grateful!

Thanks as always!

Re: SAML identity provider auth issue

PhoneBoy — Mon, 21 Feb 2022 16:03:58 GMT

I assume you've contacted the TAC on this, right?
Just looking at the error when you access the saml-vpn link, it seems the backend that processes the SAML connection isn't registered with Multi-Portal.

Re: SAML identity provider auth issue

the_rock — Mon, 21 Feb 2022 22:50:40 GMT

Yep, I have TAC case open, we have remote tomorrow.

Re: SAML identity provider auth issue

Nep_001 — Wed, 22 Jun 2022 16:00:23 GMT

Hello,

Did you resolve the issue? can share the solution? we also, encountering the same issue with R80.40 take 158 integration with OKTA SAML.

thanks.

Re: SAML identity provider auth issue

Marius-Craven — Wed, 12 Apr 2023 22:45:45 GMT

Pls advise if you were able to resolve this issue and what steps were taken.?

We have a similar issue using R81.10 Take 94

Re: SAML identity provider auth issue

the_rock — Thu, 13 Apr 2023 01:08:19 GMT

Yes, so sorry guys, I totally forgot to update what TAC told us. Guy from DTAC mentioned that this page does not work by default, which does not really affect how SAML auth functions, as we made it work correctly in the lab. When testing with client, we got prompted for one login (provider we used) code and authentication worked fine.

In all honestly, I have no clue in the world whether what we were told is actual fact, as nowhere does it state that page does not work by default, but it was good enough for customer and myself, since as long as auth worked fine, which it did, thats all we cared about : - )

Re: SAML identity provider auth issue

stephanygomez — Tue, 30 May 2023 22:00:15 GMT

Hola, puedes compartir por favor la solución a este error.

Re: SAML identity provider auth issue

Marius-Craven — Wed, 31 May 2023 22:13:11 GMT

My issue was related to sk179625

SAML authentication fails with the "HTTP 500" error when MDPS is enabled on the Security Gateways. Refer to sk179625.

And an upgrade to Take 95 resolved the issue.