SAML authentication using an external Identity Provider - does not set cookie

Hello,

I'm trying to implement the 'SAML authentication using an external Identity Provider' ruleset as described in the product guide (v7.6.2 page 510). So far what I've got working is:

  1. When a client accesses the web, McAfee redirects it to the authentication server
  2. The authentication server redirects to the IDP (Microsoft ADFS)
  3. After authentication, the client is directed to the authentication server
  4. The SAML response is parsed successfully, and the desired attributes are extracted (username, groups, etc.)
  5. Now things get messy. The client (non-Microsoft, Firefox) appears to be stuck in some loop. I don't see a cookie being set anywhere; I even think this is not in the ruleset - for sure not in the 'set cookie for authenticated clients' rule. As a result, the client is sent to the 'Cookie Authentication at Authentication Server' ruleset over and over again, and the 'redirect client that have a valid cookie' ruleset is never triggered.

Has anyone done this before?

Thank you & kind regards,

Martijn

Accepted Solutions

Re: SAML authentication using an external Identity Provider - does not set cookie

Hi,

I've found the issue: The entry in the SAMLAuthResponseList was wrong. After that, most things are working now. Only for some specific SSL sites it seems that authentication is bypassed (facebook, google). I have to dive deeper into this to find out what's happening there.

2 Replies
asabban
Level 17

Re: SAML authentication using an external Identity Provider - does not set cookie

Setting the cookie is part of the authentication server, so there is no place in the policy or rule tracing where you can see MWG executing an explicit event for setting the cookie.

Do you have any chance to check with Firefox and the development tools if there is a Set-Cookie header returned by MWG?

You can go to the Firefox Settings - Developer Settings - Web Console and there should be a tab called "network analysis". Here you should see that MWG sets a cookie after the SAML authentication succeeded.

Best,

Andre

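Andre's check scripted as an added example (this is not code from the thread or from MWG): given a redirect chain captured from the browser's network tab, it finds the hop that returned Set-Cookie and applies RFC 6265 scope rules (Domain, Path, Secure) to each later request to that host, so a revisit that would arrive without the cookie is exactly the loop Martijn describes. Hostnames, ports, paths and the cookie name are all constructed.

```python
from http.cookies import SimpleCookie
from urllib.parse import urlsplit

# Constructed redirect chain in the shape the Firefox network tab shows it:
# (request URL, response status, response headers). Hostnames, ports, cookie
# name and paths are invented for this example, not taken from MWG.
CONSTRUCTED_CHAIN = [
    ("http://intranet.example.test/", 302,
     {"Location": "http://auth.mwg.example.test:9090/saml/start"}),
    ("http://auth.mwg.example.test:9090/saml/start", 302,
     {"Location": "https://adfs.example.test/adfs/ls/?SAMLRequest=x"}),
    ("https://adfs.example.test/adfs/ls/?SAMLRequest=x", 200, {}),
    ("https://auth.mwg.example.test:9443/saml/acs", 302,   # assertion posted back here
     {"Location": "http://intranet.example.test/",
      "Set-Cookie": "mwg-auth=abc123; Path=/; Secure; HttpOnly"}),
    ("http://intranet.example.test/", 302,
     {"Location": "http://auth.mwg.example.test:9090/saml/start"}),
    ("http://auth.mwg.example.test:9090/saml/start", 302,
     {"Location": "https://adfs.example.test/adfs/ls/?SAMLRequest=x"}),
]


def cookie_sent_to(cookie_host, morsel, url):
    """RFC 6265 scope check: would a browser attach this cookie to a request for url?"""
    parts = urlsplit(url)
    host = parts.hostname.lower()
    if morsel["domain"]:
        domain = morsel["domain"].lstrip(".").lower()
        domain_ok = host == domain or host.endswith("." + domain)
    else:
        domain_ok = host == cookie_host  # host-only cookie; the port is ignored
    path_ok = parts.path.startswith(morsel["path"] or "/")
    secure_ok = not morsel["secure"] or parts.scheme == "https"
    return domain_ok and path_ok and secure_ok


def diagnose(chain):
    """Report the hop that set the cookie, later hops to the cookie's own host that
    would not receive it ("starved"), and whether such a hop is a revisit (a loop)."""
    result = {"set_at": None, "cookie": None, "starved_hops": [], "loop": False}
    jar, seen = [], set()  # jar holds (setting host, Morsel) pairs
    for i, (url, _status, headers) in enumerate(chain):
        host = urlsplit(url).hostname.lower()
        if host in {h for h, _ in jar} and not any(cookie_sent_to(h, m, url) for h, m in jar):
            result["starved_hops"].append(i)
            result["loop"] = result["loop"] or url in seen
        seen.add(url)
        if "Set-Cookie" in headers:
            cookies = SimpleCookie()
            cookies.load(headers["Set-Cookie"])
            for morsel in cookies.values():
                jar.append((host, morsel))
                result["set_at"], result["cookie"] = i, morsel.key
    return result
```

In the constructed chain the cookie is set with Secure on the HTTPS assertion endpoint but the client is sent back to the authentication server over plain HTTP, so the browser never returns it and hop 5 repeats hop 1.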