Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Cb Defense: How To Troubleshoot SAML Configuration Issues

Cb Defense: How To Troubleshoot SAML Configuration Issues

Environment

Cb Defense Web Console: All Versions

Objective

This document provides information on how to troubleshoot setting up SAML in Cb Defense.

Resolution

  1. Below parameters must match on both sides for SAML to work
  2. To properly troubleshoot, the following two messages are required
    • SAML Request
    • SAML Response

Additional Notes

Once your organization has enabled SAML, administrators will no longer be able to log in with their email address and password. After configuring SAML, all administrators in your organization will be required to log in with your chosen identity provider.  If you are unable to log in after enabling SAML, contact support to disable it for your organization.

Sample screenshot:

  • Audience, Recipient, ACS (Consumer) URL Validator, and ACS (Consumer) URL are auto populated with the URL and are not editable
  • Single Sign On URL (HTTP-Redirect Binding) is unique to the site and is provided by the customer
  • Keep the Email Attribute Name set as "mail"
  • The X509 Certificate is unique to each site and occasionally we have seen two issues:
    • When copying the text from the X509 certificate into the input field, sometimes white space or a carriage return is being copied over leading to a HTTP 400 error. Try copying the cert information over individually line by line into the console.
    • In some cases you cannot have ---BEGIN CERTIFICATE--- and ---END CERTIFICATE--- in the Confer SAML Config

Related Content

Cb Defense: How to enable SAML integration with "Other" Identity Provider in the Web Console

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎07-25-2016
Views:
3443