Duane_Toler
Advisor

Smart-1 Cloud SAML VPN do_ldap_fetch and do_internal_fetch

Hey all,

For customers with Smart-1 Cloud, are we somehow able to use GUIDBedit to modify internal parameters like the ones for SAML VPN?  AFAIK, GUIDBedit won't use the Infinity Portal token login like SmartConsole.

Does anyone know what would be the right way to set parameters like do_ldap_fetch and do_internal_fetch for SAML?

Thanks!

 

--
Ansible for Check Point APIs series: https://www.youtube.com/@EdgeCaseScenario and Substack
the_rock
Legend

You can use guidbedit, I will send the video later 🙂

Andy

Duane_Toler
Advisor

Oh geez.. 🤦🏻‍♂️

I feel like a dork. 😂

the_rock
Legend

Sorry I did not take video, because of customer's info, but screenshots helped, glad to hear.

Do NOT feel like a dork, happens man, we are here to help one another and yes, you can change that value you mentioned, but depends on your identity provider.

https://sc1.checkpoint.com/documents/R81/WebAdminGuides/EN/CP_R81_RemoteAccessVPN_AdminGuide/Topics-...

Andy

the_rock
Legend

Btw, here is what it says online..

To correctly set do_ldap_fetch and do_internal_fetch parameters for SAML, you should set do_generic_fetch to false if using an on-premises LDAP directory to use the SAML identity provider for fetching user attributes, and set do_internal_fetch to false if you are not using an on-premises LDAP and instead rely solely on the identity provider. The key is to disable the general fetch or the internal fetch to ensure the SAML information is the primary source for user data. 

Duane_Toler
Advisor

Yep!  I’ll be configuring this with a customer that doesn’t have a Windows AD nor internal LDAP server for any user directory info. They only have Entra ID and O365 user accounts. I plan to use identity agent on their PCs and locally defined groups and access roles.

VPN users will use SAML for Azure MFA.

It’s going to be quite an interesting configuration! Might even end up with some Identity API scripts on some internal-only Linux hosts.  😆

 

 

 

the_rock
Legend

O yea, go for it!
