This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
[Wed Jan 29 19:58:34.819790 2025] [php7:notice] [pid 393] [client 10.10.110.101:58049] PHP Notice: Undefined variable: session in /opt/CPSamlPortal/phpincs/spPortal/sso.php on line 177, referer: https://login.microsoftonline.com/ [Wed Jan 29 19:58:34.835536 2025] [php7:notice] [pid 393] [client 10.10.110.101:58049] PHP Notice: Undefined variable: session in /opt/CPSamlPortal/phpincs/spPortal/sso.php on line 196, referer: https://login.microsoftonline.com/ [Wed Jan 29 19:58:36.888463 2025] [php7:notice] [pid 390] [client 10.10.110.101:58051] PHP Notice: Trying to get property 'rc' of non-object in /opt/CPNacPortal/phpincs/web/actions/LoginAction.php on line 54, referer: https://<gateway>/connect/spPortal/ServiceProvider?idpname=idp_<idp>&realm=identity_portal [Wed Jan 29 19:58:37.434859 2025] [php7:warn] [pid 1980] [client 10.10.110.101:58061] PHP Warning: file_exists(): open_basedir restriction in effect. File(/opt/CPNacPortal/htdocs/nac/../../../phpincs/conf/external_unauthorized_guest_login_conf.php) is not within the allowed path(s): (/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs) in /opt/CPNacPortal/phpincs/util/Configuration.php on line 32, referer: https://<gateway>/connect/PortalMain **[Wed Jan 29 19:58:37.887903 2025] [php7:error] [pid 394] [client 10.10.110.101:58073] script '/opt/CPNacPortal/htdocs/nac/css/"LoginSequenceView"' not found or unable to stat, referer: https://<gateway>/connect/PortalMain** [Wed Jan 29 19:58:38.020337 2025] [php7:warn] [pid 391] [client 10.10.110.101:58082] PHP Warning: file_exists(): open_basedir restriction in effect. File(/opt/CPNacPortal/htdocs/nac/../../../phpincs/conf/external_unauthorized_guest_login_conf.php) is not within the allowed path(s): (/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs) in /opt/CPNacPortal/phpincs/util/Configuration.php on line 32, referer: https://<gateway>/connect/PortalMain [Wed Jan 29 19:58:38.039196 2025] [php7:warn] [pid 393] [client 10.10.110.101:58083] PHP Warning: file_exists(): open_basedir restriction in effect. File(/opt/CPNacPortal/htdocs/nac/../../../phpincs/conf/external_unauthorized_guest_login_conf.php) is not within the allowed path(s): (/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs) in /opt/CPNacPortal/phpincs/util/Configuration.php on line 32, referer: https://<gateway>/connect/PortalMain [Wed Jan 29 19:58:38.416489 2025] [php7:error] [pid 3591] [client 10.10.110.101:58097] **script '/opt/CPNacPortal/htdocs/nac/css/"LoginSequenceView"'** not found or unable to stat, referer: https://<gateway>/connect/spPortal/IdentityProviders?Realm=identity_portal [Wed Jan 29 19:58:38.423549 2025] [php7:warn] [pid 1980] [client 10.10.110.101:58093] PHP Warning: file_exists(): open_basedir restriction in effect. File(/opt/CPNacPortal/htdocs/nac/../../../phpincs/conf/external_unauthorized_guest_login_conf.php) is not within the allowed path(s): (/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPSamlPortal/phpincs:/opt/CPSamlPortal/htdocs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs:/opt/CPNacPortal/htdocs/nac:/opt/CPNacPortal/phpincs:/opt/CPNacPortal/logs) in /opt/CPNacPortal/phpincs/util/Configuration.php on line 32, referer: https://<gateway>/connect/spPortal/IdentityProviders?Realm=identity_portal ^C
As this is in my lab environment, where some things might have been played along too many times, I set up a new gateway with new management, configured Identity Awareness, set up Identity Provider and SAML Config at entra id. With the same result.
inspecting the web page i get:
404 Status for a file named "LoginSequenceView" (including the ") - what matches with logs above (bold)
Watching the SAML Trace i see the GET request to "https://<gateway>/connect/css/%22LoginSequenceView%22" with saml server response "saml_server_response={"context":"","type":"FAILURE","message":"Login failed. If the problem persists please contact your administrator","opaque":"","nextStateId":""}" as Cookie.
it looks like that "https://<gateway>/connect/PortalMain" is referring to "https://<gateway>/connect/css/%22LoginSequenceView%22" - which than cannot be found. Removing the " at the filename (https://<gateway>/connect/css/LoginSequenceView) the css file is shown correctly.
Tested this with several browsers (private, non private windows, with direct network connect to gateway or via other firewalls and VPNs, MAC and Windows)
Perhaps someone here already did some deeper troubleshooting at all those SAML things and has a tip/hint/condolences?
(TAC is not really an option, as this is running my lab at the moment)
over the time installed a new virtual gateway, including a brand new management. Configured IDP and Identity Awareness to use it. Worked for one session, than the behaviour came up again.
Evidence attached.
As far as i understand, (phpincs/view/html/)PortalMain is the one that is referring to "LoginSequenceView" as css stylesheet.
