Smorales
Explorer

Azure AD Authentication with MDS Smart Console - SAML error message

Hi everyone,

I am creating a lab to integrate an Identity Provider with Smart Console so that users from Azure AD can log in.

The environment I am using for the lab is an MDS with version R81.20 and JHF 70.

I have been following this documentation: Creating an administrator account with SAML Login authentication.

When I finished creating the Azure application and linking it to the Identity Provider object in the Global Domain of the MDS, I tried to authenticate through the Identity Provider from Smart Console. Everything seemed to work fine, but when I was redirected back to Smart Console I got the following error message:

Error: An error occurred in processing the SAML response. Make sure the 'Entity ID' is correct, that the response is signed and that this is the Service Provider initiated flow

I have searched for the issue and tried to fix it using the guidance from the SK and CheckMates post below, but I still have the problem.

sk181695 - Error trying to connect to Azure SAML

https://community.checkpoint.com/t5/Management/SAML-Authentication-Login-for-issue-can-not-login/td-...

Then I tried upgrading from JHF 70 to JHF 89, but I still see the same error.

Do you think any additional steps are needed for this integration within an MDS?

*In addition, does anyone know whether it is important to create an Azure AD type object? If it is necessary, where should it be created: within the Global Domain or in a specific domain?

Note: I attached some additional images of how the application is configured in Azure and of the object in the MDS. I am not sure whether they help give a better view of the problem (I did compare the Entity ID parameters and they are exactly the same, in case you ask).

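Editor's note, not part of the original post: the error quoted above names three things the Service Provider checks when it receives the SAML response (the Entity ID, a signature, and an SP-initiated flow), and all three are visible in the SAMLResponse the browser POSTs back after the Azure AD login. The script below is an added example that decodes such a response offline and reports which of the three conditions fails. It uses only the Python standard library, the SP Entity ID, tenant ID, host names and the sample response are all constructed placeholders for the example, and it checks only that a signature is present, not that it verifies (cryptographic verification needs the IdP certificate and an XML-DSig library). Nothing here describes Check Point's internal implementation of the check.

```python
"""Inspect a SAMLResponse for the three conditions named in the SmartConsole error.

Replace RAW_RESPONSE with the base64 SAMLResponse form value captured from the
browser (network tab or a SAML tracer) and SP_ENTITY_ID with the Entity ID
configured on the Identity Provider object.  The values here are constructed
placeholders for the example, not a real capture.
"""
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

SP_ENTITY_ID = "https://mds.example.com/saml"          # hypothetical SP Entity ID
TENANT_ID = "00000000-0000-0000-0000-000000000000"     # hypothetical Azure tenant


def build_sample_response(audience, in_response_to, sign_assertion=True):
    """Construct a minimal Azure-AD-shaped Response (constructed sample; the
    signature element is a placeholder, not a real XML-DSig)."""
    sig = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
           '<ds:SignedInfo/><ds:SignatureValue>c2lnbmF0dXJl</ds:SignatureValue>'
           '</ds:Signature>') if sign_assertion else ""
    irt = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
  Destination="https://mds.example.com/saml/acs"{irt}>
  <saml:Issuer>https://sts.windows.net/{TENANT_ID}/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/{TENANT_ID}/</saml:Issuer>{sig}
    <saml:Subject><saml:NameID>admin@example.com</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{audience}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()


def inspect_saml_response(raw_b64):
    """Decode the base64 SAMLResponse and pull out the fields the SP cares about."""
    root = ET.fromstring(base64.b64decode(raw_b64))
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    return {
        # Present only when the response answers an AuthnRequest (SP-initiated flow).
        "in_response_to": root.get("InResponseTo"),
        "destination": root.get("Destination"),
        "issuer": (root.findtext("saml:Issuer", default="", namespaces=NS)).strip(),
        "status": status.get("Value") if status is not None else None,
        # A ds:Signature may sit on the Response, on the Assertion, or both.
        "response_signed": root.find("ds:Signature", NS) is not None,
        "assertion_signed": root.find("saml:Assertion/ds:Signature", NS) is not None,
        # The Audience must match the SP Entity ID; most SPs compare the string exactly.
        "audiences": [a.text.strip() for a in root.findall(".//saml:Audience", NS)],
        "name_id": root.findtext(".//saml:Subject/saml:NameID", namespaces=NS),
    }


def check_against_sp(info, expected_entity_id):
    """Return one finding per failed condition from the error message (empty = all good)."""
    findings = []
    if expected_entity_id not in info["audiences"]:
        findings.append(f"Entity ID mismatch: SP expects {expected_entity_id!r}, "
                        f"assertion audience is {info['audiences']} "
                        "(watch for trailing slashes and case)")
    if not (info["response_signed"] or info["assertion_signed"]):
        findings.append("Neither the Response nor the Assertion carries a ds:Signature")
    if not info["in_response_to"]:
        findings.append("Response has no InResponseTo: this was IdP-initiated, not SP-initiated")
    return findings


if __name__ == "__main__":
    # A response that satisfies all three conditions ...
    RAW_RESPONSE = build_sample_response(SP_ENTITY_ID, "_req1")
    print(check_against_sp(inspect_saml_response(RAW_RESPONSE), SP_ENTITY_ID))
    # ... and one with a trailing-slash audience, no signature and no InResponseTo.
    broken = build_sample_response(SP_ENTITY_ID + "/", None, sign_assertion=False)
    for finding in check_against_sp(inspect_saml_response(broken), SP_ENTITY_ID):
        print("-", finding)
```

Running it against a real capture tells you whether the "identical" Entity IDs really are byte-for-byte identical (a trailing slash is enough to fail an exact comparison), whether Azure is signing only the assertion or also the response, and whether the login was started from Smart Console (InResponseTo present) rather than from the Azure portal tile.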
3 Replies
PhoneBoy
Admin

Are you trying to authenticate against the domain or MDS here?
I assume this would need to be configured in the domain.

Smorales
Explorer

Hi,

I am trying this for MDS-level authentication.

I have 3 domains: the first one is for VSX Cluster Management, and the other two each have one VSX domain. One domain has Internet access.

Is it necessary to configure the Azure AD object in the domain that has Internet access?

israelsc
Collaborator

Hello @PhoneBoy , thank you for your reply,

The authentication would be for MDS Level
As my colleague commented in his post, we have 3 domains:
-1 domain manages the VSX Cluster
-1 domain is for a VS
-1 domain is for a VS and has internet access.

Is it necessary to configure the Azure AD object in the domain with internet access?

Otherwise, is there any documentation that specifies this authentication configuration for an MDS environment?
We found documentation for doing this in an SMS but not in an MDS.
