Re: Identity Provider Reply URL section is blank

erkansimsek · ‎2023-06-01

Hello,

I need to SAML configuration for admin accounts but Reply URL link section is empty, how can I solve this ?

I use R81.20 on mgmt and attahced the screenshot.

Thanks a lot.

PhoneBoy · ‎2023-06-05

What precisely are you using as management here?
If it's Smart-1 Cloud, then I believe you configure access via Infinity Portal.
You can confirm this via the TAC: https://help.checkpoint.com

the_rock · ‎2023-06-05

I had this working before and that field was always empty. As a matter of fact, TAC person told me that was normal.

Andy

PhoneBoy · ‎2023-06-05

I tried to configure this in Demo Mode a bit ago and it put something in the Reply URL.
Possible it is meant to be blank with Smart-1 Cloud, not sure.

the_rock · ‎2023-06-05

Yea, just tried it in R81.20 lab and below is what I see.

Andy

madu1 · ‎2025-02-25

On a kind of related note, I'm trying to set up SAML for SmartConsole login (all on-prem, not cloud). When I create the Identity Provider, the Reply URL gives the 10.x.x.x IP of the SmartCenter. Is this normal?

To be fair I haven't tested yet, but the person setting up the Azure side refused to take the URL and said it has to be a public IP otherwise it will never reply back to the firewall. I've tried changing the Platform Portal IP, and the SmartCenter has a static NAT assigned, but I can't get it to populate the Reply URL with the NAT IP. Does anyone know how to change this? Or will it work if I insist the Azure person just uses the URL with 10.x.x.x in?

Screenshot 2025-02-25 174501.png

PhoneBoy · ‎2025-02-26

As I understand it, the Reply URL is sent to the browser AFTER the user is authenticated with the IdP to communicate the SAML Assertion to the SP (in this case, the management server).
Therefore, the Reply URL can include an internal IP.

Are you a member of CheckMates?

Identity Provider Reply URL section is blank