Setting up SAML with Entra
Hi all,
Model M270
Version 12.11.4.B722644
I am looking at setting up SAML authentication on one of our firewalls, as a test for a wider adoption. I have followed all the steps in this process:
Everything looks like it took correctly. MUVPN groups are good. Enterprise App is up and running. But when I try to log in via the client I get a blank "SAML Authentication Account" window, then it disappears and the client gets stuck in a loop. I have to manually disconnect.
When I try to test the sign in on the Entra side I get a 404 unknown page. But I have definitely added the URLs correctly to both sides.
What have I missed?
Thanks in advance.
Comments
Also, should this page still be accessible once the process is complete?
https://[Host name or IP address for Firebox SAML]/auth/saml
I would have thought this page was disabled once the SAML authentication was active. As it holds the certificate information etc?
Hi @ChrisSnape
If you're getting a 404 on the Entra side, that sounds like something may not be set correctly, or something didn't provision correctly over there.
If you haven't already done so, I'd suggest creating a support case - one of our reps can help look into the issue with you.
-James Carson
WatchGuard Customer Support
The 404 appears when Entra tries to get to the HTTPS link for the Firebox. Could it be because I am still using the unsigned SSL cert on the Firebox? Do I need to replace it with a signed one?
Hi @ChrisSnape
The Firebox imports a cert from Entra, but it's not the default webserver cert.
-James Carson
WatchGuard Customer Support