Symptoms

• You receive a "502 Bad Gateway" error when attempting to log in to your DX SaaS APM dev tenant or ASM console.
• The error occurs sporadically or consistently during the authentication phase.
• Other tenants (such as Production) may continue to function correctly.

• DX App Synthetic Monitor (ASM)
• DX SaaS
• DX Operational Observability
• Federated Single Sign-On (FSSO) / External Identity Provider (IdP)

This issue typically occurs due to a communication failure or configuration error within your internal Federated Single Sign-On (FSSO) authenticator or Identity Provider (IdP). If the Broadcom SaaS infrastructure is verified as operational, the 502 error indicates that the gateway is unable to receive a valid response from your internal authentication service.

Since this issue originates from internal authentication infrastructure, you must coordinate with your internal security or IT teams to resolve it.

1. Verify SaaS Service Status: Check the Broadcom Service Status Page to confirm that DX O2 SaaS and ASM services are operational. If services are "Green," the issue is likely local to your environment.
2. Inspect FSSO/IdP Logs: You should ask your internal FSSO/authentication team to review their logs for any failed assertions or connection resets occurring during the login attempt.
3. Validate RelayState Configuration: You must ensure that your IdP is configured to correctly honor and pass the RelayState parameter required by the SaaS application.
4. Test Network Connectivity: You can perform a connectivity test (e.g., using curl) from your network to the SaaS authentication endpoints to ensure no local firewall or proxy is intercepting the traffic.

If your internal teams confirm that the FSSO authenticator is functioning correctly and the issue persists, please contact Broadcom Support for further investigation.