Security

Hi, 

We're using Azure AD and I've configured our Clearpass Server to use SAML as SP. The SP initiated SSO from the clearpass login page is working well, but if i try to login from MyApps Dashboar at AAD I'm getting an 403. 
We using the Azure application proxy for the way back into our internal network.  

Any ideas what I've probalby done wrong or how to analyze the issue further? 

Thanks
Jonny


------------------------------
Jonny
------------------------------

Have you replaced the default cert on the application in Azure?

------------------------------
Victor Fabian
------------------------------

Original Message:
Sent: Nov 01, 2020 12:47 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Hi,

We're using Azure AD and I've configured our Clearpass Server to use SAML as SP. The SP initiated SSO from the clearpass login page is working well, but if i try to login from MyApps Dashboar at AAD I'm getting an 403.
We using the Azure application proxy for the way back into our internal network.

Any ideas what I've probalby done wrong or how to analyze the issue further?

Thanks
Jonny

------------------------------
Jonny
------------------------------

Yep, CNAME was created and I've uploaded the correct certificate. From my understanding, all settings and forwarders at AAD are correct. I've have been authenticated successfully but clearpass miss something. There are no log entries at the access tracker.

------------------------------
Jonny 
------------------------------

Original Message:
Sent: Nov 01, 2020 01:13 PM
From: Victor Fabian
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Have you replaced the default cert on the application in Azure?

------------------------------
Victor Fabian

Original Message:
Sent: Nov 01, 2020 12:47 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Hi,

We're using Azure AD and I've configured our Clearpass Server to use SAML as SP. The SP initiated SSO from the clearpass login page is working well, but if i try to login from MyApps Dashboar at AAD I'm getting an 403.
We using the Azure application proxy for the way back into our internal network.

Any ideas what I've probalby done wrong or how to analyze the issue further?

Thanks
Jonny

------------------------------
Jonny
------------------------------

CPPM does not support IdP-initiated logins. You'd need to just add a static link in MyApps.

------------------------------
Tim C
------------------------------

Original Message:
Sent: Nov 01, 2020 01:18 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Yep, CNAME was created and I've uploaded the correct certificate. From my understanding, all settings and forwarders at AAD are correct. I've have been authenticated successfully but clearpass miss something. There are no log entries at the access tracker.

------------------------------
Jonny

Original Message:
Sent: Nov 01, 2020 01:13 PM
From: Victor Fabian
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Have you replaced the default cert on the application in Azure?

------------------------------
Victor Fabian

Original Message:
Sent: Nov 01, 2020 12:47 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Hi,

We're using Azure AD and I've configured our Clearpass Server to use SAML as SP. The SP initiated SSO from the clearpass login page is working well, but if i try to login from MyApps Dashboar at AAD I'm getting an 403.
We using the Azure application proxy for the way back into our internal network.

Any ideas what I've probalby done wrong or how to analyze the issue further?

Thanks
Jonny

------------------------------
Jonny
------------------------------

@timms 
Thanks for clarification! Didn't thought about this possibility.
Will try it with a static link and application proxy.​

------------------------------
Jonny
------------------------------

Original Message:
Sent: Nov 02, 2020 12:40 PM
From: Tim C
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

CPPM does not support IdP-initiated logins. You'd need to just add a static link in MyApps.

------------------------------
Tim C

Original Message:
Sent: Nov 01, 2020 01:18 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Yep, CNAME was created and I've uploaded the correct certificate. From my understanding, all settings and forwarders at AAD are correct. I've have been authenticated successfully but clearpass miss something. There are no log entries at the access tracker.

------------------------------
Jonny

Original Message:
Sent: Nov 01, 2020 01:13 PM
From: Victor Fabian
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Have you replaced the default cert on the application in Azure?

------------------------------
Victor Fabian

Original Message:
Sent: Nov 01, 2020 12:47 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Hi,

We're using Azure AD and I've configured our Clearpass Server to use SAML as SP. The SP initiated SSO from the clearpass login page is working well, but if i try to login from MyApps Dashboar at AAD I'm getting an 403.
We using the Azure application proxy for the way back into our internal network.

Any ideas what I've probalby done wrong or how to analyze the issue further?

Thanks
Jonny

------------------------------
Jonny
------------------------------

I had a different fix. For me, the cert that was popped out of the Base64 section was different than the Raw option. Raw worked, but Base64 did not. As well, the Test never worked for me...only logging in directly to ClearPass.

------------------------------
Greg Kamer
------------------------------

Original Message:
Sent: Nov 02, 2020 12:40 PM
From: Tim C
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

CPPM does not support IdP-initiated logins. You'd need to just add a static link in MyApps.

------------------------------
Tim C

Original Message:
Sent: Nov 01, 2020 01:18 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Yep, CNAME was created and I've uploaded the correct certificate. From my understanding, all settings and forwarders at AAD are correct. I've have been authenticated successfully but clearpass miss something. There are no log entries at the access tracker.

------------------------------
Jonny

Original Message:
Sent: Nov 01, 2020 01:13 PM
From: Victor Fabian
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Have you replaced the default cert on the application in Azure?

------------------------------
Victor Fabian

Original Message:
Sent: Nov 01, 2020 12:47 PM
From: Jonny Klaas
Subject: IDP initiated SSO / SAML with Azure AD "RelayState invalid / missing"

Hi,

We're using Azure AD and I've configured our Clearpass Server to use SAML as SP. The SP initiated SSO from the clearpass login page is working well, but if i try to login from MyApps Dashboar at AAD I'm getting an 403.
We using the Azure application proxy for the way back into our internal network.

Any ideas what I've probalby done wrong or how to analyze the issue further?

Thanks
Jonny

------------------------------
Jonny
------------------------------