Have you taken the Application Name Service rules from the TechNote?
Do you see the Service Classification failed for the IdP or for the SP?
If you receive a Classification Failed, you either have:
- no Application Service configured (note that the service type is different than RADIUS, TACACS or WebAuth)
- or none of the services had matching Service Rules.
One method that works in most cases is to create a generic Service at the bottom of the service list that has a dummy matching rule, like Application Name EXISTS (matches on everything); then if you try to access it, in the Access Tracker you should be able to see the Request contents and find the used information there to fine-tune your service rules.
For the IdP, Application Name EQUALS SAML should work.
For the SP, Authentication Type EQUALS SSO should work.
Herman