https://live.paloaltonetworks.com/t5/panorama-discussions/okta-sso-activation-for-panorama-amp-fws-attached-to-panorama/m-p/1002999#M2739 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/253410">@Yuvaraj.Karvekar</a>&nbsp;wrote:<BR /> <P>Hi Team,&nbsp;</P> <P>&nbsp;</P> <P>I am trying to activate the Okta SSO login for the Panorama &amp; individual FWs login too via Okta.</P> <P>I am having the Active Panorama login working with okta SSO.&nbsp;</P> <P>Somehow with same config on the passive panorama while login getting the following error message.</P> <P><STRONG>"Error Displaying SAML error response page"&nbsp;</STRONG></P> <P>&nbsp;</P> <P><STRONG>Same cert installed on both the Panorama . Active is working , Passive is not .&nbsp;</STRONG></P> <P>&nbsp;</P> <P><STRONG>Anything I like to check, missing please ?</STRONG></P> <P>&nbsp;</P> <P><STRONG>Thanks &amp; Best Regards</STRONG></P> <P><STRONG>Yuvi</STRONG></P> <HR /></BLOCKQUOTE> <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/253410">@Yuvaraj.Karvekar</a>,</P> <P><SPAN>It sounds like you're almost there with setting up Okta SSO for both Active and Passive Panorama! Here are a few things to check that might help resolve the issue:</SPAN></P> <OL class="relative list-outside marker:text-foreground-750 dark:marker:text-foreground-600 flex flex-col ms-5 marker:normal-nums marker:text-sm-strong" start="1"> <LI> <P><SPAN><STRONG>Certificate Consistency</STRONG>: Ensure that the SAML certificates on both the Active and Passive Panorama are identical. Even slight differences can cause inconsistencies.</SPAN></P> </LI> <LI class="ps-2"> <P><SPAN><STRONG>SAML Settings</STRONG>: Verify that all SAML settings, including the SAML response, are correctly configured on the Passive Panorama. Sometimes, an incomplete attribute statement can cause issues.</SPAN></P> </LI> <LI class="ps-2"> <P><SPAN><STRONG>Time Sync</STRONG>: Ensure both active and passive devices are time-synchronized. SAML relies heavily on accurate timestamps.</SPAN></P> </LI> <LI> <P><SPAN><STRONG>Log Review</STRONG>: Check the Okta logs and Panorama system logs for detailed error messages that might give more insight into what's causing the issue.<BR /><BR />Best regards,<BR />James Goff</SPAN></P> </LI> </OL> Sat, 11 Jan 2025 08:52:31 GMT james589goff 2025-01-11T08:52:31Z https://live.paloaltonetworks.com/t5/panorama-discussions/okta-sso-activation-for-panorama-amp-fws-attached-to-panorama/m-p/1002998#M2738 <P>Hi Team,&nbsp;</P> <P>&nbsp;</P> <P>I am trying to activate the Okta SSO login for the Panorama &amp; individual FWs login too via Okta.</P> <P>I am having the Active Panorama login working with okta SSO.&nbsp;</P> <P>Somehow with same config on the passive panorama while login getting the following error message.</P> <P><STRONG>"Error Displaying SAML error response page"&nbsp;</STRONG></P> <P>&nbsp;</P> <P><STRONG>Same cert installed on both the Panorama . Active is working , Passive is not .&nbsp;</STRONG></P> <P>&nbsp;</P> <P><STRONG>Anything I like to check, missing please ?</STRONG></P> <P>&nbsp;</P> <P><STRONG>Thanks &amp; Best Regards</STRONG></P> <P><STRONG>Yuvi</STRONG></P> Sat, 11 Jan 2025 08:06:34 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/okta-sso-activation-for-panorama-amp-fws-attached-to-panorama/m-p/1002998#M2738 Yuvaraj.Karvekar 2025-01-11T08:06:34Z https://live.paloaltonetworks.com/t5/panorama-discussions/okta-sso-activation-for-panorama-amp-fws-attached-to-panorama/m-p/1002999#M2739 <BLOCKQUOTE><HR /><a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/253410">@Yuvaraj.Karvekar</a>&nbsp;wrote:<BR /> <P>Hi Team,&nbsp;</P> <P>&nbsp;</P> <P>I am trying to activate the Okta SSO login for the Panorama &amp; individual FWs login too via Okta.</P> <P>I am having the Active Panorama login working with okta SSO.&nbsp;</P> <P>Somehow with same config on the passive panorama while login getting the following error message.</P> <P><STRONG>"Error Displaying SAML error response page"&nbsp;</STRONG></P> <P>&nbsp;</P> <P><STRONG>Same cert installed on both the Panorama . Active is working , Passive is not .&nbsp;</STRONG></P> <P>&nbsp;</P> <P><STRONG>Anything I like to check, missing please ?</STRONG></P> <P>&nbsp;</P> <P><STRONG>Thanks &amp; Best Regards</STRONG></P> <P><STRONG>Yuvi</STRONG></P> <HR /></BLOCKQUOTE> <P>Hello&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/253410">@Yuvaraj.Karvekar</a>,</P> <P><SPAN>It sounds like you're almost there with setting up Okta SSO for both Active and Passive Panorama! Here are a few things to check that might help resolve the issue:</SPAN></P> <OL class="relative list-outside marker:text-foreground-750 dark:marker:text-foreground-600 flex flex-col ms-5 marker:normal-nums marker:text-sm-strong" start="1"> <LI> <P><SPAN><STRONG>Certificate Consistency</STRONG>: Ensure that the SAML certificates on both the Active and Passive Panorama are identical. Even slight differences can cause inconsistencies.</SPAN></P> </LI> <LI class="ps-2"> <P><SPAN><STRONG>SAML Settings</STRONG>: Verify that all SAML settings, including the SAML response, are correctly configured on the Passive Panorama. Sometimes, an incomplete attribute statement can cause issues.</SPAN></P> </LI> <LI class="ps-2"> <P><SPAN><STRONG>Time Sync</STRONG>: Ensure both active and passive devices are time-synchronized. SAML relies heavily on accurate timestamps.</SPAN></P> </LI> <LI> <P><SPAN><STRONG>Log Review</STRONG>: Check the Okta logs and Panorama system logs for detailed error messages that might give more insight into what's causing the issue.<BR /><BR />Best regards,<BR />James Goff</SPAN></P> </LI> </OL> Sat, 11 Jan 2025 08:52:31 GMT https://live.paloaltonetworks.com/t5/panorama-discussions/okta-sso-activation-for-panorama-amp-fws-attached-to-panorama/m-p/1002999#M2739 james589goff 2025-01-11T08:52:31Z