SAML IDP initiated from Azure AD not working

SOLVED
manum
Occasional Contributor

Hello,

We have successfully configured a PCS as SP of an Azure AD instance. It is working perfectly fine: when connecting on the gateway you are redirected to the Azure AD sign-in page and then authenticated through SAML on the PCS.

Now the customer wants to add a direct bookmark on its Azure AD MyApps portal to perform IDP-initiated SSO when connecting on the PCS. The issue we have is that the PCS is refusing the SAML assertion sent, with a "Missing Sign-in URL" error message. Has someone already performed this kind of setup and could help us with the resolution?

We have already followed a KB to populate the relay-state option in the Azure AD configuration, but it seems not enough or wrongly configured.

Thanks for your help with this topic.

Regards.

2 ACCEPTED SOLUTIONS

Accepted Solutions
r@yElr3y
Moderator

Re: SAML IDP initiated from Azure AD not working

@manum "Missing Sign-in URL" is caused either by a missing/incorrect relay state or by having multiple user realms mapped to the sign-in URL which is used for SAML.

Since SP-redirected SAML auth works, that proves only one user realm is mapped to the sign-in URL. Can you please capture the SAML response and decode it to see if the right relay-state is being sent to the VPN?

PCS Expert
Pulse Connect Secure Certified Expert

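The capture-and-decode check the moderator asks for, as an added example that is not part of the original thread and not Pulse Secure's own tooling. It takes the form body a browser would POST to the SP's assertion consumer URL, base64-decodes the SAMLResponse, and reports whether the RelayState matches a configured sign-in URL, which is the condition behind "Missing Sign-in URL". The ACS URL, entity ID, sign-in URL, tenant ID and the minimal unsigned Response are constructed placeholders, not values from the post.

```python
"""Decode an HTTP-POST SAML Response and check its RelayState against the
sign-in URL(s) the SP expects. All URLs and identifiers below are constructed
placeholders for this example."""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Assumed SP values (placeholders): ACS URL, entity ID and the sign-in URL
# that the single SAML user realm is mapped to.
ACS_URL = "https://vpn.example.test/saml/acs"
ENTITY_ID = "https://vpn.example.test/saml/metadata"
SIGN_IN_URLS = {"https://vpn.example.test/azure/"}

# Constructed minimal SAML Response shaped like an IdP-initiated Azure AD
# response. A real one is signed; the Signature element is omitted here.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
  ID="_r1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2021-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.test</saml:NameID></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{ENTITY_ID}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def build_post_body(xml_text, relay_state=None):
    """Build the form body a browser would POST to the ACS (used to make samples)."""
    fields = {"SAMLResponse": base64.b64encode(xml_text.encode()).decode()}
    if relay_state is not None:
        fields["RelayState"] = relay_state
    return urlencode(fields)


def decode_saml_response(body):
    """Pull the fields an SP admin needs from a captured ACS POST body."""
    form = parse_qs(body)
    xml_bytes = base64.b64decode(form["SAMLResponse"][0])
    # ElementTree is fine for your own capture; use defusedxml for untrusted input.
    root = ET.fromstring(xml_bytes)
    status = root.find("samlp:Status/samlp:StatusCode", NS)
    audience = root.find(".//saml:Audience", NS)
    name_id = root.find(".//saml:NameID", NS)
    return {
        "relay_state": form.get("RelayState", [None])[0],
        "destination": root.get("Destination"),
        "issuer": root.findtext("saml:Issuer", default=None, namespaces=NS),
        "status": status.get("Value") if status is not None else None,
        "audience": audience.text if audience is not None else None,
        "name_id": name_id.text if name_id is not None else None,
    }


def diagnose(body, sign_in_urls=SIGN_IN_URLS, acs_url=ACS_URL, entity_id=ENTITY_ID):
    """List the mismatches that would make the SP reject an IdP-initiated login."""
    info = decode_saml_response(body)
    findings = []
    if info["relay_state"] is None:
        findings.append("RelayState missing: IdP sent no sign-in URL")
    elif info["relay_state"] not in sign_in_urls:
        findings.append(f"RelayState {info['relay_state']!r} is not a configured sign-in URL")
    if info["destination"] != acs_url:
        findings.append(f"Destination {info['destination']!r} != ACS URL")
    if info["audience"] != entity_id:
        findings.append(f"Audience {info['audience']!r} != SP entity ID")
    if info["status"] != "urn:oasis:names:tc:SAML:2.0:status:Success":
        findings.append(f"Status {info['status']!r} is not Success")
    return findings


if __name__ == "__main__":
    cases = [
        ("relay state = sign-in URL", "https://vpn.example.test/azure/"),
        ("no RelayState in the POST", None),
        ("relay state pointing elsewhere", "https://myapps.microsoft.com/"),
    ]
    for label, relay in cases:
        print(label, "->", diagnose(build_post_body(SAMPLE_XML, relay)) or ["OK"])
```

Feed `diagnose()` the raw body of the POST to the ACS from a browser trace (SAML-tracer or the HAR of the failed login). With the single-realm setup described in the thread, an empty findings list means the relay state is correct and the failure lies elsewhere; a RelayState finding is the misconfiguration the moderator describes.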

manum
Occasional Contributor

Re: SAML IDP initiated from Azure AD not working

Hello,

Thanks for the feedback. Yes I confirm it is working now.

The customer just made a mistake by configuring the relay state option on the bookmark and not directly on the SP resource in the Azure AD configuration.

As soon as he had correctly configured it at SP level, it started working fine. Thanks for your help.

Regards.
