Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
david_stardust
Explorer

Admin Login to Smart Console using Third Party Identity Provider via SAML

Hello All,

I am trying to integrate Checkpoint Smart Console admin login via 3rd party idP using SAML, the idP doesn't support SPNameQualifier in the SAMLRequest, is there a registry key or anything we can do to remove that from the SAML Request ? 

Thanks in advance !

 

David

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

What IdP are you trying to integrate with?

0 Kudos
david_stardust
Explorer

@PhoneBoy This is RSA SecurID solution, they do not support SPNameQualifier in the SAML request, somehow can this be removed? Currently we don't have any contract to open checkpoint TAC case, is there any internal steps to be done to remove this from header or we cannot remove it ?

Thanks in advance !

0 Kudos
PhoneBoy
Admin
Admin

There isn't currently a supported way to change the SAML assertion presented by our gateway.
However, similar to those who insist on adding forceAuthn=true to the SAML assertion versus fixing their IdP configuration, you may be able to figure out how to do it by hacking around with files in /opt/CPSamlPortal/phpincs/simplesamlphp.
However, any changes to any files in this directory would:

  • Be completely unsupported and possibly break on upgrade or JHF installation
  • Have to be applied on each gateway manually

Formal support for RSA's SAML IdP would have to be treated as an RFE through your local Check Point office.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events