WSS Agent used to connect to WSS
SAML Authentication enabled so that users get a popup to enter their SAML IDP login credentials
Instead of the WSS Agent popup page, an error page is reported stating that pod.threatpulse.com cannot be reached.
The WSS SAML configuration was not pointing at the customer's SAML IDP server but at WSS's own SAML endpoints.
The admin had imported the WSS (SP) SAML metadata into the SAML IDP metadata field, so WSS was sending its SAML AuthnRequest to itself.
WSS Agent 7.3.x+ with SAML support
Make sure that the metadata exported from the SAML IDP server (Azure in our case) is what gets imported into the WSS Portal. Once the correct metadata is in place, the endpoint URL and Entity ID reference Azure endpoints; when the problem occurs they reference saml.threatpulse.net endpoints instead.
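A quick way to avoid this mistake is to inspect the metadata file before pasting it into the SAML IDP metadata field. The script below is an added example, not Broadcom/WSS code: it reads a SAML metadata document, reports which role it declares (IDPSSODescriptor vs SPSSODescriptor), and rejects any file that has no IDP role or whose entity ID / SSO endpoints point at WSS's own host. The two sample documents are constructed; the saml.threatpulse.net URL paths and the Azure tenant ID are placeholders.

```python
# Added example (not Broadcom/WSS code): sanity-check a SAML metadata file
# before using it as the IDP metadata in the WSS Portal.
# Paths under saml.threatpulse.net and the Azure tenant ID are assumed.
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}

# Hosts that belong to the service provider (WSS) itself. Metadata whose
# endpoints live here describes the SP, not the IDP.
WSS_SP_HOSTS = {"saml.threatpulse.net"}


def describe_metadata(xml_text):
    """Return the entity ID, the SAML roles declared and the endpoints."""
    root = ET.fromstring(xml_text)
    if root.tag == "{%s}EntitiesDescriptor" % MD_NS["md"]:
        root = root.find("md:EntityDescriptor", MD_NS)   # first entity only
    info = {"entity_id": root.get("entityID"), "roles": [],
            "sso_urls": [], "acs_urls": []}
    if root.find("md:IDPSSODescriptor", MD_NS) is not None:
        info["roles"].append("IDP")
        info["sso_urls"] = [e.get("Location") for e in root.findall(
            "md:IDPSSODescriptor/md:SingleSignOnService", MD_NS)]
    if root.find("md:SPSSODescriptor", MD_NS) is not None:
        info["roles"].append("SP")
        info["acs_urls"] = [e.get("Location") for e in root.findall(
            "md:SPSSODescriptor/md:AssertionConsumerService", MD_NS)]
    return info


def check_idp_metadata(xml_text, own_sp_hosts=WSS_SP_HOSTS):
    """List the reasons this file must NOT go into the IDP metadata field."""
    info = describe_metadata(xml_text)
    problems = []
    if "IDP" not in info["roles"]:
        what = "SP metadata" if "SP" in info["roles"] else "not IDP metadata"
        problems.append("no IDPSSODescriptor: this file is %s" % what)
    # The entity ID and every SSO endpoint must belong to the IDP, never to us.
    for url in [info["entity_id"]] + info["sso_urls"]:
        host = urlparse(url or "").hostname
        if host in own_sp_hosts:
            problems.append("%s points at the SP's own host %s" % (url, host))
    return problems


# Constructed sample shaped like WSS's own exported SP metadata
# (the entityID and /saml/bcsamlpost paths are assumed).
WSS_SP_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://saml.threatpulse.net/saml/sp">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://saml.threatpulse.net/saml/bcsamlpost"/>
  </SPSSODescriptor>
</EntityDescriptor>"""

# Constructed sample shaped like Azure AD federation metadata
# (tenant ID is a placeholder).
AZURE_IDP_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    for name, doc in (("WSS SP metadata", WSS_SP_METADATA),
                      ("Azure IDP metadata", AZURE_IDP_METADATA)):
        print(name, describe_metadata(doc)["roles"],
              check_idp_metadata(doc) or "OK for the IDP metadata field")
```

Run it against the file you are about to import: the WSS export fails with "no IDPSSODescriptor" and an entity ID on saml.threatpulse.net, while the Azure export passes with role IDP and a login.microsoftonline.com SSO endpoint.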
You can open a browser and access http://pod.threatpulse.com to confirm whether the IDP login page is rendered (this is separate from the WSS Agent login approach). If this fails, as it did here, it implies a general SAML issue that is independent of the WSS Agent.
Reproducing this in a browser or in the popup and capturing a HAR file showed the following exchanges. NOTE that the SAML AuthnRequest is being sent to the BCSAMLPOST endpoint, which is the WSS endpoint the SAML IDP server is supposed to send the assertion/SAMLResponse to, not an IDP endpoint.
Identifying this as the culprit points the admin at the SAML SP configuration (WSS in this case), which is sending the AuthnRequest to the wrong location; checking the WSS SAML SP configuration then revealed the error.
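Reading the HAR by hand is error-prone because the SAMLRequest parameter is base64 (and, for the HTTP-Redirect binding, DEFLATE) encoded. The script below is an added example, not Broadcom/WSS code: it walks a HAR capture, decodes every SAMLRequest it finds under either binding, and flags an AuthnRequest whose target host is the same host as its own AssertionConsumerServiceURL, which is exactly the "SP sending to itself" pattern seen here. The two captures are constructed in the block; the BCSAMLPOST path and the Azure tenant ID are placeholders.

```python
# Added example (not Broadcom/WSS code): find the SAML AuthnRequest in a HAR
# capture and report where the SP sent it. The bcsamlpost path and the
# Azure tenant ID below are assumed placeholders.
import base64
import json
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, quote, urlparse

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


def load_har(path):
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def decode_saml_request(value, binding):
    """Undo the binding encoding: base64 for HTTP-POST, base64 over raw
    DEFLATE for HTTP-Redirect."""
    raw = base64.b64decode(value)
    if binding == "redirect":
        raw = zlib.decompress(raw, -15)   # negative wbits: raw DEFLATE, no header
    return raw.decode("utf-8")


def find_authn_requests(har):
    """One record per AuthnRequest found among the HAR's requests."""
    found = []
    for entry in har["log"]["entries"]:
        req = entry["request"]
        value = binding = None
        if req["method"] == "POST":            # HTTP-POST binding: form field
            for p in req.get("postData", {}).get("params", []):
                if p["name"] == "SAMLRequest":
                    value, binding = p["value"], "post"
        else:                                  # HTTP-Redirect binding: query string
            qs = parse_qs(urlparse(req["url"]).query)
            if "SAMLRequest" in qs:
                value, binding = qs["SAMLRequest"][0], "redirect"
        if value is None:
            continue
        root = ET.fromstring(decode_saml_request(value, binding))
        if root.tag != "{%s}AuthnRequest" % SAMLP:
            continue
        found.append({
            "sent_to": req["url"].split("?")[0],
            "binding": binding,
            "destination": root.get("Destination"),
            "acs": root.get("AssertionConsumerServiceURL"),
        })
    return found


def diagnose(har):
    """Flag any AuthnRequest that went to the SP's own assertion consumer host."""
    problems = []
    for r in find_authn_requests(har):
        sent_host = urlparse(r["sent_to"]).hostname
        acs_host = urlparse(r["acs"] or "").hostname
        if acs_host and sent_host == acs_host:
            problems.append("AuthnRequest sent to %s, which is the SP's own ACS "
                            "host %s: the SP is talking to itself"
                            % (r["sent_to"], acs_host))
    return problems


# ---- constructed sample captures (not real HAR data) ----
ACS_URL = "https://saml.threatpulse.net/saml/bcsamlpost"      # assumed path
AZURE_SSO_URL = ("https://login.microsoftonline.com/"
                 "00000000-0000-0000-0000-000000000000/saml2")   # placeholder tenant


def authn_request_xml(destination):
    return ('<samlp:AuthnRequest xmlns:samlp="%s" ID="_1" Version="2.0" '
            'IssueInstant="2023-01-01T00:00:00Z" Destination="%s" '
            'AssertionConsumerServiceURL="%s"/>' % (SAMLP, destination, ACS_URL))


def post_entry(url, xml):
    enc = base64.b64encode(xml.encode()).decode()
    return {"request": {"method": "POST", "url": url,
                        "postData": {"params": [{"name": "SAMLRequest", "value": enc}]}}}


def redirect_entry(url, xml):
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    enc = base64.b64encode(c.compress(xml.encode()) + c.flush()).decode()
    return {"request": {"method": "GET", "url": "%s?SAMLRequest=%s" % (url, quote(enc))}}


# Failing case from this article: WSS POSTs its AuthnRequest to its own BCSAMLPOST.
BROKEN_HAR = {"log": {"entries": [post_entry(ACS_URL, authn_request_xml(ACS_URL))]}}
# Healthy case: the AuthnRequest is redirected to the Azure AD SSO endpoint.
HEALTHY_HAR = {"log": {"entries": [redirect_entry(AZURE_SSO_URL, authn_request_xml(AZURE_SSO_URL))]}}

if __name__ == "__main__":
    for name, har in (("broken", BROKEN_HAR), ("healthy", HEALTHY_HAR)):
        print(name, find_authn_requests(har), diagnose(har) or "no problem")
```

On a real capture, call `diagnose(load_har("capture.har"))`; a hit means the IDP SSO URL configured on the SP side is really one of the SP's own endpoints, so the metadata imported as IDP metadata should be checked first.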