cancel
Showing results for 
Search instead for 
Did you mean: 

Azure SAML issue

SOLVED
Dioma
New Contributor

Azure SAML issue

Pulse Secure Version 9.1R8 (build 7453)

 

Hello All!

We are running a POC to test Azure MFA on Pulse. 

We use the Microsoft guide to achieve it.

https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/pulse-secure-pcs-tutorial.

But we get an error when users try to connect using web browser:

"SAML Transfer failed.

Please contact your system admin.

Detail: Artifact request is missing the SAMLart parameter".

 

Any idea?

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
r@yElr3y
Moderator

Re: Azure SAML issue

@Dioma Assertion is not yet Valid means VPN server thinks that the Assertion's valid has not started, please check your VPN server time settings (System >> Overview >> Date & time settings) and fix if you have time skewed more than 5 minutes.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

7 REPLIES 7
zanyterp
Moderator

Re: Azure SAML issue

What does the events log show?
What does the user access log show?
Are you using the root/default URL or a different path?
Dioma
New Contributor

Re: Azure SAML issue

Hello, thanks for the reply.

yes I use the default url.

The user access shows the connections made under local system (I can't create users under the SAML idP I created).

And the Events just shows the number of connections, nothing about Azure.

r@yElr3y
Moderator

Re: Azure SAML issue

@Dioma Users are being redirected to Azure for authentication when accessing the VPN server URL from the browser, and receiving this error after redirected back to VPN post authenticating with Azure, correct?

 

Error states issue with SAML Artifact parameter missing, are we using SAML POST or Artifact method? Can you check the SAML metadata and see if you have SingleSignOn URL set as HTTP-POST and HTTP-REDIRECT value with the callback URL pointing to Azure?

PCS Expert
Pulse Connect Secure Certified Expert
Dioma
New Contributor

Re: Azure SAML issue

Users don't have redirection, they only have the Pulse sign-in page.

I got the error when testing from the Azure portal. 

 

We use Post as SSO method for the Azure idP.

And we have http-redirect and http-post with url pointing to Azure in the SAML metadata.

 

r@yElr3y
Moderator

Re: Azure SAML issue

@Dioma So it's IDP-Initiated SSO if you're initiating the login from the Azure portal. Can you please check the SAML response that's being sent to the VPN server and check if it's sending the correct SAML response because somehow the VPN server thinks that the Azure is sending SAML Artifact request instead of SAML POST.

PCS Expert
Pulse Connect Secure Certified Expert
Dioma
New Contributor

Re: Azure SAML issue

Thanks for the reply, I progress a little. 

I create a new sign-in page for the saml auth (with one realm), so users are now redirected to Azure.

but I have this error on the log:

'SAML Consumer received and processed 'Post', Status: 'FAILURE: No valid assertion found in SAML response' DetailedLogs:Assertion is not yet Valid'.

r@yElr3y
Moderator

Re: Azure SAML issue

@Dioma Assertion is not yet Valid means VPN server thinks that the Assertion's valid has not started, please check your VPN server time settings (System >> Overview >> Date & time settings) and fix if you have time skewed more than 5 minutes.

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post