Error Parsing Metadata when configuring SSO with Azure AD

Article ID: 250795


Products

CASB Gateway, CASB Security Advanced, CASB Security Advanced IAAS, CASB Security Premium, CASB Security Premium IAAS, CASB Security Standard, CASB Securlet IAAS, CASB Securlet SAAS

Issue/Introduction

When adding the Federation Metadata URL into the IDP Metadata identity provider field, the following error is received:

Error Parsing Metadata with a Reference ID.

 

Environment

CASB 3.151
Azure AD

Cause

Microsoft has made some changes to Azure AD and the documentation doesn't currently address those changes.

Resolution

To resolve the issue, follow the steps below:

  1. Log in to the Azure AD management portal as an administrator
  2. Click the Enterprise applications tab
  3. Click + New Application
  4. Click + Create your own application
  5. Enter a name and choose "Integrate any other application you don't find in the gallery (Non-gallery)". Then click Create



  6. Choose the Single Sign-on page
  7. Select the SAML sign-on method
  8. In section 1, Basic SAML Configuration, click Edit



  9. Enter the following:
    Identifier (Entity ID) = https://app.elastica.net/  (Make sure this is default)
    Reply URL = https://app.elastica.net/saml2/acs/
    Sign on URL = https://app.elastica.net/saml2/acs/
    Relay State = leave blank
    Logout URL = https://app.elastica.net/saml2/ls/


    Note: If you are in the EU, see the URLs under Additional Information below

  10. On the Users and Groups page, add any user or group that should be able to use SSO to log in to CloudSOC
  11. In section 3, SAML Signing Certificate, download the Federation Metadata XML file



  12. Log in to CloudSOC with your admin login
  13. Go to Settings and select Single Sign-on
  14. Select Custom IDP from the drop-down list
  15. Provide an IDP name and Description
  16. Fill out the rest of the information as in the example below:
  17. Select SHA256
  18. Upload the Federation Metadata XML file from step 11
  19. Click Configure. A success message is displayed informing you that SSO was configured successfully
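
Before the upload in step 18, the Federation Metadata XML file from step 11 can be checked locally. The following is an added example, not part of the original article or of either vendor's tooling: it confirms that the file is well-formed SAML 2.0 IdP metadata with an HTTPS sign-on endpoint and a signing certificate, and returns the certificate's SHA-256 fingerprint for your records. The function name `check_idp_metadata` and the sample document with its URLs are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(xml_bytes):
    """Return (summary, problems) for SAML IdP metadata; DTDs are refused, not expanded."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        return {}, ["DTD or entity declaration present"]
    try:
        root = ET.fromstring(xml_bytes)
    except ET.ParseError as exc:
        return {}, [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        return {}, [f"unexpected root element {root.tag}"]
    summary = {"entity_id": root.get("entityID"), "sso": [], "cert_sha256": []}
    problems = [] if summary["entity_id"] else ["missing entityID"]
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return summary, problems + ["no IDPSSODescriptor element"]
    for svc in idp.findall("md:SingleSignOnService", NS):
        location = svc.get("Location", "")
        summary["sso"].append((svc.get("Binding"), location))
        if not location.startswith("https://"):
            problems.append(f"SSO endpoint is not HTTPS: {location}")
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):
            continue  # encryption-only key, not used to verify assertions
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            except ValueError:
                problems.append("signing certificate is not valid base64")
                continue
            summary["cert_sha256"].append(hashlib.sha256(der).hexdigest())
    if not summary["sso"]:
        problems.append("no SingleSignOnService endpoint")
    if not summary["cert_sha256"]:
        problems.append("no usable signing certificate")
    return summary, problems

# Constructed sample, not real tenant data; the "certificate" is dummy bytes.
SAMPLE = (f'<EntityDescriptor xmlns="{NS["md"]}" entityID="https://idp.example.test/t/">'
          f'<IDPSSODescriptor><KeyDescriptor use="signing"><KeyInfo xmlns="{NS["ds"]}">'
          f'<X509Data><X509Certificate>{base64.b64encode(b"dummy").decode()}</X509Certificate>'
          '</X509Data></KeyInfo></KeyDescriptor><SingleSignOnService Binding="urn:oasis:names:'
          'tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://login.example.test/saml2"/>'
          '</IDPSSODescriptor></EntityDescriptor>').encode()
```

This checks structure only; it does not validate the metadata's XML signature or the certificate's validity period.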

Additional Information

EU URLs:

Identifier (Entity ID) = https://app.eu.elastica.net/  (Make sure this is default)
Reply URL = https://app.eu.elastica.net/saml2/acs/
Sign on URL = https://app.eu.elastica.net/saml2/acs/
Relay State = leave blank
Logout URL = https://app.eu.elastica.net/saml2/ls/