- Products
- Learn
- Local User Groups
- Partners
- More
What's New in R82.10?
Watch HereWhen the Agents Attack
A Live Look at Agentic Exposure Validation
AI Security Masters E8:
Claude Mythos: New Era in Cyber Security
CheckMates Go:
CheckMates Fest
I have successfully setup SmartConsole SAML SSO, using an Identity Provider object in SmartConsole.
When creating this Identity Provider object, the IdP "Return URL" is automatically populated like: "https://192.168.100.241/...", where 192.168.100.241 is the IP address of the management server. You cannot edit this value.
I'd like to replace the IP address with the FQDN of the management server, like "https://sms.mydomain.com/...".
Is this possible? If so, how?
Thanks in advance!
-Frank
SOLVED
It is in the "R81.20 Quantum Security Management Administration Guide", as explained by CP TAC, although a bit hidden: search for "SAML_IP_OR_NAME".
SAML_IP_OR_NAME=example.com; export SAML_IP_OR_NAME
NOTE:
When creating an Identity Provider object for SmartConsole ("Managing Administrator Access"), the Return URL still shows the IP address. However, when SmartConsole performs the SAML request, it uses the FQDN in the Return URL silently. So, you MUST manually change the IP address for the FQDN when configuring the Return URL on the IdP (EntraID or similar).
if this would work, it only works on standalone installation. management server objects don´t have VPN Portal settings 🙂
i believe, you will have to change simple-saml config files or something like that. would suggest having TAC involved.
Funny enough, that lab is standalone : - )
Note that I'm using the SmartCenter Server as a SAML service provider. I'm not authenticating agains the gateway (or gateways) for Client VPN. Or are you referring to a management server cluster (management HA)?
This is for IA (or Remote Access VPN) IdP. I don't think these settings apply to the management server as a SAML SP.
I have submitted a TAC case and will update when (if) I get a solution.
SOLVED
It is in the "R81.20 Quantum Security Management Administration Guide", as explained by CP TAC, although a bit hidden: search for "SAML_IP_OR_NAME".
SAML_IP_OR_NAME=example.com; export SAML_IP_OR_NAME
NOTE:
When creating an Identity Provider object for SmartConsole ("Managing Administrator Access"), the Return URL still shows the IP address. However, when SmartConsole performs the SAML request, it uses the FQDN in the Return URL silently. So, you MUST manually change the IP address for the FQDN when configuring the Return URL on the IdP (EntraID or similar).
Awesome, thanks for that! For the reference, page 84.
Andy
Leaderboard
Epsum factorial non deposit quid pro quo hic escorol.
| User | Count |
|---|---|
| 13 | |
| 12 | |
| 9 | |
| 7 | |
| 4 | |
| 4 | |
| 3 | |
| 3 | |
| 3 | |
| 3 |
Thu 09 Jul 2026 @ 10:00 AM (CEST)
Schutz souveräner Workloads: Check Point & die AWS European Sovereign CloudThu 09 Jul 2026 @ 11:00 AM (CEST)
The Cloud Architects Series: Check Point Edge Protection SD-WAN & SASEThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 09 Jul 2026 @ 11:00 AM (EDT)
Tips and Tricks 2026 #9 - What's New with Check Point Email SecurityFri 10 Jul 2026 @ 11:00 AM (IDT)
CheckMates Live Netherlands - Sessie 48: Nieuwe Check Point Workspace SecurityTue 14 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E11: READY OR NOT: Securing the AI Enterprise 3/5 - AI Workforce SecurityThu 30 Jul 2026 @ 10:00 AM (PDT)
AI Security Masters E12: READY OR NOT: Securing the AI Enterprise 4/5 - AI GatewayThu 20 Aug 2026 @ 10:00 AM (PDT)
AI Security Masters E13: READY OR NOT: Securing the AI Ent 5/5 - AI Research & Threat LandscapeAbout CheckMates
Learn Check Point
Advanced Learning
YOU DESERVE THE BEST SECURITY