Which SAML IDPs work with Blue Coat Web Security Services?


Article ID: 167472


Updated On:


CDP Integration Server


The following information might be updated as new Identity Providers (IDPs) are configured to work with the Blue Coat Web Security Service (WSS).


  • If a query string is required in the Endpoint URL, select the Endpoint Type of Post Endpoint. The query string is the part that follows the ? in this example endpoint URL: https://idp.domain.com/sso/idp/SSO.saml?idpid=uniquieid_number
  • If the certificate includes the keyUsage extension, the extension must also have the keyCertSign bit set, as stated in RFC 5280, to work with WSS. Alternatively, omit the keyUsage extension from the certificate.

Blue Coat Auth Connector

  • Works as an IDP (the IDP option must be selected when installing the Auth Connector).

Microsoft ADFS

  • Tested and works.


  • Confirmed to work in multiple customer environments.


  • The entity ID must be unique for WSS. Currently, all WSS customers use the same entity ID of https://saml.threatpulse.net:8443/saml/saml_realm. Blue Coat plans to develop a unique entity ID for its WSS customers; this is currently targeted to be completed mid-2015 (this time frame is conditional and might change without notice).

OneLogin (onelogin.com)

  • Fails to work in one customer environment because the minted certificate includes the keyUsage extension but does not set the keyCertSign bit.
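
The keyUsage rule in the notes at the top, and the OneLogin failure it explains, can be checked before an IDP signing certificate is uploaded. The following Python sketch is an added example, not Blue Coat code: the function names are hypothetical, and the sample byte strings are constructed extension fragments rather than real certificates. It uses only the standard library, walks the DER encoding to find the keyUsage extension (OID 2.5.29.15), and accepts the certificate when the extension is absent or has the keyCertSign bit set.

```python
import ssl

KEY_USAGE_OID = bytes.fromhex("551d0f")  # id-ce-keyUsage, 2.5.29.15
KEY_CERT_SIGN = 5                        # bit position defined in RFC 5280

def tlvs(buf):
    """Yield (tag, value) for each DER element in buf (single-byte tags only)."""
    i = 0
    while i < len(buf):
        tag, length = buf[i], buf[i + 1]
        i += 2
        if length & 0x80:                # long-form length: next n bytes hold it
            n = length & 0x7F
            length = int.from_bytes(buf[i:i + n], "big")
            i += n
        yield tag, buf[i:i + length]
        i += length

def key_usage_bits(der):
    """Return the keyUsage bit bytes, or None when the extension is absent."""
    for tag, val in tlvs(der):
        if not tag & 0x20:               # primitive element: nothing to descend into
            continue
        kids = list(tlvs(val))
        if kids and kids[0] == (0x06, KEY_USAGE_OID):
            # extnValue is an OCTET STRING wrapping the KeyUsage BIT STRING
            _, bitstr = next(tlvs(kids[-1][1]))
            return bitstr[1:]            # drop the leading unused-bits count
        found = key_usage_bits(val)
        if found is not None:
            return found
    return None

def wss_key_usage_ok(cert):
    """True if keyUsage is absent, or present with keyCertSign set."""
    der = ssl.PEM_cert_to_DER_cert(cert) if isinstance(cert, str) else cert
    bits = key_usage_bits(der)
    if bits is None:
        return True
    return bool(bits and bits[0] & (0x80 >> KEY_CERT_SIGN))

# Constructed samples: the [3] extensions wrapper as it appears inside a certificate.
SAMPLE_NO_CERTSIGN = bytes.fromhex("a3123010300e0603551d0f0101ff0404030205a0")
SAMPLE_WITH_CERTSIGN = bytes.fromhex("a3123010300e0603551d0f0101ff040403020284")
SAMPLE_NO_KEYUSAGE = bytes.fromhex("a30d300b30090603551d1304023000")

if __name__ == "__main__":
    for name in ("SAMPLE_NO_CERTSIGN", "SAMPLE_WITH_CERTSIGN", "SAMPLE_NO_KEYUSAGE"):
        print(name, "OK" if wss_key_usage_ok(globals()[name]) else "keyCertSign missing")
```

`wss_key_usage_ok` also accepts a PEM string or the raw DER bytes of a complete certificate, since the walker descends through every constructed element.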