This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Zerat
Participant
Thursday
Jump to solution

Yet another SAML issue with web version of smartconsole

Hi

I've tried to configure SAML SSO (with Azure AD) on my management server according to:
https://sc1.checkpoint.com/documents/R81.20/WebAdminGuides/EN/CP_R81.20_SecurityManagement_AdminGuid...

SmartConsole app is working fine - when I choose Identity provider, I'm redirected to the web and then correctly logged in.

With the web version, there is no identity provider selection.
When I use SSO login button from my apps portal, I get following error after browser redirection to [my.domain.name]/cpmws/saml/acs/sso 
the error is:

ERROR: error processing Saml response, it might be due to time out

 
Did I miss something in my config? The app version is working fine with it, only web gives me this error...

As for the domain, ENV variable SAML_IP_OR_NAME=[my.domain.name] seems to be added and looks fine (also: the app is working fine with it)

#######################################
If it's there, it must work. Hate to be beta-tester on GA
Labels
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Friday
Jump to solution

You don't see Identity Provider here?

image.png

Make sure you're on the latest Web Smartconsole using the command autoupdatercli show (look for mwc in the output) https://support.checkpoint.com/results/sk/sk170314 

product-name: mwc

   component-name: web_console
   component-branch: webconsole_AutoUpdate
   GA-Version: 0
   download-scheduler-active: true
   install-scheduler-active: true
   download-action: idle
   install-revert-action: idle

     installation-date: 2024-10-24_18:59:26
     package-branch-name: webconsole_AutoUpdate
     package-version: 120
     package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T120_FULL.tgz
     package-installed: false
     package-installable: true
     package-previously-installed: true

     installation-date: 2024-10-24_19:36:50
     package-branch-name: webconsole_AutoUpdate
     package-version: 121
     package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T121_FULL.tgz
     package-installed: true
     package-installable: true
     package-previously-installed: false

View solution in original post

6 Replies
PhoneBoy
Admin
Admin
Friday
Jump to solution

You don't see Identity Provider here?

image.png

Make sure you're on the latest Web Smartconsole using the command autoupdatercli show (look for mwc in the output) https://support.checkpoint.com/results/sk/sk170314 

product-name: mwc

   component-name: web_console
   component-branch: webconsole_AutoUpdate
   GA-Version: 0
   download-scheduler-active: true
   install-scheduler-active: true
   download-action: idle
   install-revert-action: idle

     installation-date: 2024-10-24_18:59:26
     package-branch-name: webconsole_AutoUpdate
     package-version: 120
     package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T120_FULL.tgz
     package-installed: false
     package-installable: true
     package-previously-installed: true

     installation-date: 2024-10-24_19:36:50
     package-branch-name: webconsole_AutoUpdate
     package-version: 121
     package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T121_FULL.tgz
     package-installed: true
     package-installable: true
     package-previously-installed: false
Zerat
Participant
Friday
In response to PhoneBoy
Jump to solution

@PhoneBoy wrote:

You don't see Identity Provider here?

image.png

Make sure you're on the latest Web Smartconsole using the command autoupdatercli show (look for mwc in the output) https://support.checkpoint.com/results/sk/sk170314 

product-name: mwc

   component-name: web_console
   component-branch: webconsole_AutoUpdate
   GA-Version: 0
   download-scheduler-active: true
   install-scheduler-active: true
   download-action: idle
   install-revert-action: idle

     installation-date: 2024-10-24_18:59:26
     package-branch-name: webconsole_AutoUpdate
     package-version: 120
     package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T120_FULL.tgz
     package-installed: false
     package-installable: true
     package-previously-installed: true

     installation-date: 2024-10-24_19:36:50
     package-branch-name: webconsole_AutoUpdate
     package-version: 121
     package-name: Check_Point_WEBCONSOLE_AUTOUPDATE_Bundle_T121_FULL.tgz
     package-installed: true
     package-installable: true
     package-previously-installed: false

I'm still on R81.20 and won't update soon, if that matters

#######################################
If it's there, it must work. Hate to be beta-tester on GA
0 Kudos
Ofir_Calif
Employee
Employee
yesterday
In response to Zerat
Jump to solution

Hi @Zerat,
Saml authentication is supported on R81.20 with Web SmartConsole.
Web SmartConsole has its own version that can be found with the command that @PhoneBoy wrote or with the following command:
cpinfo -y CPUpdates

Thanks,
Ofir.

Zerat
Participant
8 hours ago
In response to Ofir_Calif
Jump to solution

@PhoneBoy @Ofir_Calif thanks for help - it appeared, that we used the wrong link (BTW why Check Point still supports /smartview/
?)
for /smartconsole/ it works 🙂
on my defense - I always avoided web consoles if possible - only the infrastructure team sometimes uses the logs to search who to blame 😉

#######################################
If it's there, it must work. Hate to be beta-tester on GA
0 Kudos
PhoneBoy
Admin
Admin
5 hours ago
In response to Zerat
Jump to solution

SmartView does not support SAML authentication, correct.

0 Kudos
Ofir_Calif
Employee
Employee
3 hours ago
In response to Zerat
Jump to solution

Try Web SmartConsole,
While it does not have feature parity with the installed SmartConsole, it provides many of the day-to-day operations and better performance, and we are constantly improving it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events