Cb Defense: How To Troubleshoot SAML Configuration Issues
Cb Defense Web Console: All Versions
This document provides information on how to troubleshoot setting up SAML in Cb Defense.
Below parameters must match on both sides for SAML to work
To properly troubleshoot, the following two messages are required
Once your organization has enabled SAML, administrators will no longer be able to log in with their email address and password. After configuring SAML, all administrators in your organization will be required to log in with your chosen identity provider. If you are unable to log in after enabling SAML, contact support to disable it for your organization.
Audience, Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL are auto populated with the URL and are not editable
Single Sign On URL (HTTP-Redirect Binding) is unique to the site and is provided by the customer
Keep the Email Attribute Name set as "mail"
The X509 Certificate is unique to each site and occasionally we have seen two issues:
When copying the text from the X509 certificate into the input field, sometimes white space or a carriage return is being copied over leading to a HTTP 400 error. Try copying the cert information over individually line by line into the console.
In some cases you cannot have ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- in the Confer SAML Config