This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
erkansimsek
Explorer
‎2023-06-01 07:45 AM

Identity Provider Reply URL section is blank

Hello,

I need to SAML configuration for admin accounts but Reply URL link section is empty, how can I solve this ?

I use R81.20 on mgmt and attahced the screenshot.

Thanks a lot. 

Preview file
130 KB
0 Kudos
6 Replies
PhoneBoy
Admin
Admin
‎2023-06-05 10:55 AM

What precisely are you using as management here?
If it's Smart-1 Cloud, then I believe you configure access via Infinity Portal.
You can confirm this via the TAC: https://help.checkpoint.com 

0 Kudos
the_rock
Legend
Legend
‎2023-06-05 10:56 AM

I had this working before and that field was always empty. As a matter of fact, TAC person told me that was normal.

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-06-05 11:10 AM
In response to the_rock

I tried to configure this in Demo Mode a bit ago and it put something in the Reply URL.
Possible it is meant to be blank with Smart-1 Cloud, not sure.

0 Kudos
the_rock
Legend
Legend
‎2023-06-05 11:16 AM
In response to PhoneBoy

Yea, just tried it in R81.20 lab and below is what I see.

Andy

 

Screenshot_1.png

0 Kudos
madu1
Contributor
Tuesday

On a kind of related note, I'm trying to set up SAML for SmartConsole login (all on-prem, not cloud).  When I create the Identity Provider, the Reply URL gives the 10.x.x.x IP of the SmartCenter.  Is this normal?

To be fair I haven't tested yet, but the person setting up the Azure side refused to take the URL and said it has to be a public IP otherwise it will never reply back to the firewall.   I've tried changing the Platform Portal IP, and the SmartCenter has a static NAT assigned, but I can't get it to populate the Reply URL with the NAT IP.  Does anyone know how to change this?  Or will it work if I insist the Azure person just uses the URL with 10.x.x.x in?

Screenshot 2025-02-25 174501.png

0 Kudos
PhoneBoy
Admin
Admin
Wednesday
In response to madu1

As I understand it, the Reply URL is sent to the browser AFTER the user is authenticated with the IdP to communicate the SAML Assertion to the SP (in this case, the management server).
Therefore, the Reply URL can include an internal IP.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events