the_rock
Legend

SAML identity provider auth issue

Hey team,

I really hope someone can help me with a suggestion/advice on this. My colleague and I tried to test this for a customer and we can't get it working no matter what we do. I know I got this working with another client a few months back by following the same procedure as below:

SAML authentication in Remote Access VPN clients (checkpoint.com)

I'm testing this in a lab with 2 single gateway on R81.10 jumbo 30. For context, the IP of the gateway is 172.16.10.78... Now, we set up the identity provider and all shows green in SmartConsole. We then made sure remote access is set up right, the auth method is there as per the document, and it does show when trying to connect via the VPN client, BUT the actual page never comes up, though login works on the identity provider side that my colleague set up with my email address.

Also, I could be mistaken when I say this, but I'm pretty certain the page below should work, but it does not...

https://172.16.10.78/saml-vpn

I attached some screenshots for reference. If someone can give any guidance, I would be very grateful!

Thanks as always!


Accepted Solutions
the_rock
Legend

Yes, so sorry guys, I totally forgot to update what TAC told us. A guy from DTAC mentioned that this page does not work by default, which does not really affect how SAML auth functions, as we made it work correctly in the lab. When testing with the client, we got prompted for one login (provider we used) code and authentication worked fine.

In all honesty, I have no clue in the world whether what we were told is actual fact, as nowhere does it state that the page does not work by default, but it was good enough for the customer and myself, since as long as auth worked fine, which it did, that's all we cared about :-)

 

PhoneBoy
Admin

I assume you've contacted the TAC on this, right?
Just looking at the error when you access the saml-vpn link, it seems the backend that processes the SAML connection isn't registered with Multi-Portal.

the_rock
Legend

Yep, I have a TAC case open, we have a remote tomorrow.

 

Nep_001
Explorer

Hello,

Did you resolve the issue? Can you share the solution? We are also encountering the same issue with R80.40 take 158 integration with OKTA SAML.

Thanks.

Marius-Craven
Explorer

Please advise if you were able to resolve this issue and what steps were taken.

We have a similar issue using R81.10 Take 94

stephanygomez
Explorer

Hello, can you please share the solution to this error?

Marius-Craven
Explorer

My issue was related to sk179625

SAML authentication fails with the "HTTP 500" error when MDPS is enabled on the Security Gateways. Refer to sk179625.

And an upgrade to Take 95 resolved the issue.

 
