Administrators cannot log in to a Broadcom service using the Identity Provider credentials


Article ID: 384288

Products

  • Email Security.cloud
  • CASB Advanced Threat Protection
  • CASB Audit
  • CASB Gateway
  • CASB Gateway Advanced
  • CASB Security Advanced
  • CASB Security Advanced IAAS
  • CASB Security Premium
  • CASB Security Premium IAAS
  • CASB Securlet IAAS
  • CASB Securlet SAAS
  • CASB Security Standard
  • CASB Securlet SAAS With DLP-CDS
  • Endpoint Security Complete
  • AppNeta
  • Support Portal
  • Endpoint Security

Issue/Introduction

When federated SAML single sign-on (SSO) with Broadcom Login is used for one or more Broadcom services, administrators are unable to log in with their Identity Provider credentials. Administrators receive a “400 Login Failed” error.

Environment

Broadcom Login and SAML or a SAML-based IdP are configured on one or more of the following services:

  • AppNeta
  • Broadcom Support Portal
  • Cloud Secure Web Gateway (Cloud SWG)/Web Security Service (WSS)
  • CloudSOC Cloud Access Security Broker (CASB)
  • Enterprise Console
  • Email Security.cloud
  • Partner Support Console
  • SEPMobile
  • Symantec Endpoint Security (SES)
  • TEX/SWAT  

Cause

Your IdP settings do not contain the correct metadata (for example, the signature certificate or IdP Issuer URI) from the Identity Provider, which is required for encryption and SSO.

Resolution

If you have access to the IdP configuration related to Broadcom services, you can update the metadata in your Broadcom IdP federation settings to ensure the correct information from your Identity Provider is present.

  1. In the console for your Identity Provider, download the metadata XML file.

    Note: For some Azure IdPs, the metadata is publicly available and can be retrieved by using the following URL, where domain.com is the actual domain name:

    https://login.microsoftonline.com/domain.com/FederationMetadata/2007-06/FederationMetadata.xml

    Before applying the metadata, ensure it contains the required certificate.

  2. In the console for your Broadcom service, upload the metadata to the IdP settings:

If you do not have access to the IdP configuration for your service, contact Support for assistance.
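One way to carry out the check in step 1 (that the metadata contains the required certificate) and to confirm the IdP Issuer URI is present before uploading. This is an added example, not Broadcom's tooling; the function name `check_idp_metadata`, the sample entityID and the placeholder certificate bytes are constructed for illustration.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(xml_bytes):
    """Return (issuer, signing-cert SHA-256 fingerprints, problems)."""
    if b"<!DOCTYPE" in xml_bytes:  # metadata never needs a DTD; refuse entity tricks
        raise ValueError("DOCTYPE not allowed in SAML metadata")
    root = ET.fromstring(xml_bytes)
    tag = "{%s}EntityDescriptor" % NS["md"]
    entity = root if root.tag == tag else root.find(".//md:EntityDescriptor", NS)
    if entity is None:
        return None, [], ["no EntityDescriptor element"]
    problems, fingerprints = [], []
    issuer = entity.get("entityID")
    if not issuer:
        problems.append("missing entityID (IdP Issuer URI)")
    idp = entity.find("md:IDPSSODescriptor", NS)
    keys = idp.findall("md:KeyDescriptor", NS) if idp is not None else []
    for kd in keys:
        if kd.get("use") not in (None, "signing"):  # skip encryption-only keys
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            except ValueError:  # covers binascii.Error and non-ASCII input
                problems.append("X509Certificate is not valid base64")
                continue
            if der[:1] != b"\x30":  # DER certificates start with a SEQUENCE tag
                problems.append("X509Certificate is not DER data")
                continue
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        problems.append("no usable signing certificate in IDPSSODescriptor")
    return issuer, fingerprints, problems

# Constructed sample: placeholder bytes stand in for a real certificate.
SAMPLE_DER = b"\x30\x82" + b"constructed-placeholder-not-a-real-certificate"
SAMPLE_METADATA = (
    '<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
    'entityID="https://idp.example.com/saml"><IDPSSODescriptor '
    'protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">'
    '<KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">'
    "<X509Data><X509Certificate>%s</X509Certificate></X509Data></KeyInfo>"
    "</KeyDescriptor></IDPSSODescriptor></EntityDescriptor>"
    % base64.b64encode(SAMPLE_DER).decode()
).encode()

if __name__ == "__main__":
    print(check_idp_metadata(SAMPLE_METADATA))
```

Compare the returned issuer and fingerprints with the values shown in your Identity Provider console; the check is structural only and does not validate certificate expiry or the metadata signature.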