<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Palo Alto Admin UI SAML authentication failures in Next-Generation Firewall Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-admin-ui-saml-authentication-failures/m-p/999988#M5314</link>
    <description>&lt;P&gt;A few months ago, a failure occurred with SAML authentication configured between Azure and Palo Alto for firewall management. It is believed to have arisen from a flaw that occurred with Microsoft in late October and early November.&lt;/P&gt;&lt;P&gt;The issue is that the SSO works and even takes you to Microsoft authentication with their MFA and such, and it redirects to the ACS URL (https://my ip:443/SP/ACS) and shows that the page was not found with a 404 error. Tried reloading the configuration or the XML with the metadata to Palo Alto, but still the same problem. Created a new SAML auth and authentication profile, but everything remains the same. From the Azure side it is seen that the authentication is allowed, as well as the MFA validation with the mobile app used for it, and following the Microsoft and Palo Alto documentation, the configuration is correct. The reason for the failure is unknown, and from the Palo Alto side the traces are limited; only the client redirection to the Microsoft URL for validation via SAML is seen.&lt;/P&gt;&lt;P&gt;Does anybody know about this problem?&lt;BR /&gt;
The firmware in Palo Alto is&amp;nbsp;&lt;SPAN&gt;11.1.4-h1&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nportilla_0-1735839255571.png" style="width: 400px;"&gt;&lt;img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65011i591E768955D06B9F/image-size/medium?v=v2&amp;amp;px=400" role="button" title="nportilla_0-1735839255571.png" alt="nportilla_0-1735839255571.png" /&gt;&lt;/span&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nportilla_1-1735839291165.png" style="width: 400px;"&gt;&lt;img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65012iFF0338668088E242/image-size/medium?v=v2&amp;amp;px=400" role="button" title="nportilla_1-1735839291165.png" alt="nportilla_1-1735839291165.png" /&gt;&lt;/span&gt;&lt;/P&gt;</description>
    <pubDate>Thu, 02 Jan 2025 17:37:35 GMT</pubDate>
    <dc:creator>N.Portilla</dc:creator>
    <dc:date>2025-01-02T17:37:35Z</dc:date>
    <item>
      <title>Palo Alto Admin UI SAML authentication failures</title>
      <link>https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-admin-ui-saml-authentication-failures/m-p/999988#M5314</link>
      <description>&lt;P&gt;A few months ago, a failure occurred with SAML authentication configured between Azure and Palo Alto for firewall management. It is believed to have arisen from a flaw that occurred with Microsoft in late October and early November.&lt;/P&gt;&lt;P&gt;The issue is that the SSO works and even takes you to Microsoft authentication with their MFA and such, and it redirects to the ACS URL (https://my ip:443/SP/ACS) and shows that the page was not found with a 404 error. Tried reloading the configuration or the XML with the metadata to Palo Alto, but still the same problem. Created a new SAML auth and authentication profile, but everything remains the same. From the Azure side it is seen that the authentication is allowed, as well as the MFA validation with the mobile app used for it, and following the Microsoft and Palo Alto documentation, the configuration is correct. The reason for the failure is unknown, and from the Palo Alto side the traces are limited; only the client redirection to the Microsoft URL for validation via SAML is seen.&lt;/P&gt;&lt;P&gt;Does anybody know about this problem?&lt;BR /&gt;
The firmware in Palo Alto is&amp;nbsp;&lt;SPAN&gt;11.1.4-h1&lt;/SPAN&gt;&lt;/P&gt;&lt;P&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nportilla_0-1735839255571.png" style="width: 400px;"&gt;&lt;img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65011i591E768955D06B9F/image-size/medium?v=v2&amp;amp;px=400" role="button" title="nportilla_0-1735839255571.png" alt="nportilla_0-1735839255571.png" /&gt;&lt;/span&gt;&lt;span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nportilla_1-1735839291165.png" style="width: 400px;"&gt;&lt;img src="https://live.paloaltonetworks.com/t5/image/serverpage/image-id/65012iFF0338668088E242/image-size/medium?v=v2&amp;amp;px=400" role="button" title="nportilla_1-1735839291165.png" alt="nportilla_1-1735839291165.png" /&gt;&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 02 Jan 2025 17:37:35 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/next-generation-firewall/palo-alto-admin-ui-saml-authentication-failures/m-p/999988#M5314</guid>
      <dc:creator>N.Portilla</dc:creator>
      <dc:date>2025-01-02T17:37:35Z</dc:date>
    </item>
  </channel>
</rss>

