Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

SAML IDP initiated from Azure AD not working

SOLVED
Go to solution
manum
Occasional Contributor
‎12-21-2020 12:44:AM
‎12-21-2020 12:44:AM

SAML IDP initiated from Azure AD not working

Hello,

 

We have successfully configured a PCS as SP of a Azure AD instance. It is working perfectly fine when connecting on the gateway you are redirected to Azure AD sigin in page and then authenticated through SAML on the PCS.

Now customer wants to add a direct bookmark on its azure AD myapps portal to perform IDP initiated SSO when connecting on the PCS. Issue we have is that the PCS is refusing SAML assertion sent with "Missing Sign-in URL" error message. As someone already performed this kind of setup and help us with the resolution.

We have already followed a KB to populate relay-state option in Azure AD configuration but it seems not enough or wrongly configured.

 

Thanks for your help with this topic.

Regards.

Tags (2)
0 Kudos
2 ACCEPTED SOLUTIONS

Accepted Solutions
r@yElr3y
Moderator
Moderator
‎12-24-2020 02:44:AM
‎12-24-2020 02:44:AM

Re: SAML IDP initiated from Azure AD not working

@manum "Missing Sign-in URL" is either caused by missing/incorrect relay state or having multiple user realms mapped to the sign-in URL which is used for SAML.

 

Since SP redirected SAML auth works, then it proves only one user realm is mapped to the sign-in URL. Can you please capture the SAML response and decode to see if the right relay-state is being sent to the VPN?

PCS Expert
Pulse Connect Secure Certified Expert

View solution in original post

manum
Occasional Contributor
‎12-24-2020 02:49:AM
‎12-24-2020 02:49:AM

Re: SAML IDP initiated from Azure AD not working

Hello,

 

Thanks for the feedback. Yes I confirm it is working now.

 

Customer just made a mistake by configuring the relay state option on the bookmark and not directly on the SP resource in the Azure AD configuration.

 

As soon as he has correctly configured it at SP level it has started working fine. Thanks for your help.

 

Regards.

View solution in original post

2 REPLIES 2
r@yElr3y
Moderator
Moderator
‎12-24-2020 02:44:AM
‎12-24-2020 02:44:AM

Re: SAML IDP initiated from Azure AD not working

@manum "Missing Sign-in URL" is either caused by missing/incorrect relay state or having multiple user realms mapped to the sign-in URL which is used for SAML.

 

Since SP redirected SAML auth works, then it proves only one user realm is mapped to the sign-in URL. Can you please capture the SAML response and decode to see if the right relay-state is being sent to the VPN?

PCS Expert
Pulse Connect Secure Certified Expert
manum
Occasional Contributor
‎12-24-2020 02:49:AM
‎12-24-2020 02:49:AM

Re: SAML IDP initiated from Azure AD not working

Hello,

 

Thanks for the feedback. Yes I confirm it is working now.

 

Customer just made a mistake by configuring the relay state option on the bookmark and not directly on the SP resource in the Azure AD configuration.

 

As soon as he has correctly configured it at SP level it has started working fine. Thanks for your help.

 

Regards.

© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.