Environment
Cb Defense Web Console: All Versions
Objective
This document provides information on how to troubleshoot setting up SAML in Cb Defense.
Resolution
- Below parameters must match on both sides for SAML to work
- To properly troubleshoot, the following two messages are required
- SAML Request
- SAML Response
Additional Notes
Once your organization has enabled SAML, administrators will no longer be able to log in with their email address and password. After configuring SAML, all administrators in your organization will be required to log in with your chosen identity provider. If you are unable to log in after enabling SAML, contact support to disable it for your organization.
Sample screenshot:

- Audience, Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL are auto populated with the URL and are not editable
- Single Sign On URL (HTTP-Redirect Binding) is unique to the site and is provided by the customer
- Keep the Email Attribute Name set as "mail"
- The X509 Certificate is unique to each site and occasionally we have seen two issues:
- When copying the text from the X509 certificate into the input field, sometimes white space or a carriage return is being copied over leading to a HTTP 400 error. Try copying the cert information over individually line by line into the console.
- In some cases you cannot have ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- in the Confer SAML Config
Related Content
Cb Defense: How to enable SAML integration with "Other" Identity Provider in the Web Console