2 Replies Latest reply on Jan 25, 2017 3:11 AM by martijn.jongen

    SAML authentication using an external Identity Provider - does not set cookie




      I'm trying to implement the 'SAML authentication using an external Identity Provider' ruleset as described in the product guide (v7.6.2 page 510). So far what I've got working is:


      1. When the client accesses the web, the McAfee redirects to the authentication server
      2. Authentication server redirects to the IDP (Microsoft ADFS)
      3. After authentication, client is directed to authentication server
      4. SAML response is parsed successfully, desired attributes are extracted (username, groups etc)
      5. Now things get messy. Client (non-Microsoft, Firefox) appears to be stuck in some loop. I don't see a cookie being set anywhere, I even think this is not in the ruleset - for sure not in the 'set cookie for authenticated clients' rule. As a result, the client is sent to the 'Cookie Authentication at Authentication Server' ruleset over and over again, and the 'redirect client that have a valid cookie' ruleset is never triggered.


      Has anyone done this before?


      Thank you & kind regards,