This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
david_stardust
Explorer
‎2023-07-21 03:17 AM

Admin Login to Smart Console using Third Party Identity Provider via SAML

Hello All,

I am trying to integrate Checkpoint Smart Console admin login via 3rd party idP using SAML, the idP doesn't support SPNameQualifier in the SAMLRequest, is there a registry key or anything we can do to remove that from the SAML Request ? 

Thanks in advance !

 

David

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-07-21 03:16 PM

What IdP are you trying to integrate with?

0 Kudos
david_stardust
Explorer
‎2023-07-21 04:11 PM
In response to PhoneBoy

@PhoneBoy This is RSA SecurID solution, they do not support SPNameQualifier in the SAML request, somehow can this be removed? Currently we don't have any contract to open checkpoint TAC case, is there any internal steps to be done to remove this from header or we cannot remove it ?

Thanks in advance !

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-24 01:16 PM
In response to david_stardust

There isn't currently a supported way to change the SAML assertion presented by our gateway.
However, similar to those who insist on adding forceAuthn=true to the SAML assertion versus fixing their IdP configuration, you may be able to figure out how to do it by hacking around with files in /opt/CPSamlPortal/phpincs/simplesamlphp.
However, any changes to any files in this directory would:

  • Be completely unsupported and possibly break on upgrade or JHF installation
  • Have to be applied on each gateway manually

Formal support for RSA's SAML IdP would have to be treated as an RFE through your local Check Point office.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events