ADFS: Importing XML fails due to buffer size

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

ADFS: Importing XML fails due to buffer size

L0 Member

When I try to import the ADFS XML file into PAN, it fails with an error regarding the buffer being only 10k lines while my import is 10,288 lines.

 

Anyone have any idea how to fix this?

3 REPLIES 3

L2 Linker

Hello,

 

You might want to try to perform the import from the command line to see if that helps. You will need to have an SCP or TFTP server available on which to host the metadata file.

 

scp import idp-metadata profile-name ADFS-SAML-PROFILE from <USERNAME>@<SCP/TFTP SERVER ADDRESS>:logs\FederationMetadata.xml

 

The aforementioned example assumes you are using an SCP server.  Substitute 'scp import' with 'tftp import'. Remember, you do not need to provide a username when using TFTP as TFTP does not permit for authentication.

 

Please let me know if that works for you.

 

-JeffH

 

Jeff Hochberg | Sr. Systems Engineer - Technical Business Development

Palo Alto Networks | Atlanta, GA |  USA

Mobile: 404.432.1112 | www.paloaltonetworks.com

 

The content of this message is the proprietary and confidential property of Palo Alto Networks and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by reply e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

 

L0 Member

Below solution worked.  I downloaded winSCP and copied the federationmetadata.xml to the root folder.

 

Ran the command below

admin@firewall(active)> scp import idp-metadata profile-name ADFS-SAML from student@192.168.1.10:FederationMetadata.xml
student@192.168.1.10's password:
FederationMetadata.xml 100% 76KB 75.6KB/s 00:00

Successfully imported ADFS-SAML into candidate configuration
admin@dtc-pa820-pri(active)>

EXCELLENT! I'm glad that worked for you!

 

If you would please be so kind as to select the 'Accept as Solution' button, that would be great!

 

Thanks for the follow-up!

 

Jeff Hochberg | Sr. Systems Engineer - Technical Business Development

Palo Alto Networks | Atlanta, GA |  USA

 

The content of this message is the proprietary and confidential property of Palo Alto Networks and should be treated as such. If you are not the intended recipient and have received this message in error, please delete this message from your computer system and notify me immediately by reply e-mail. Any unauthorized use or distribution of the content of this message is prohibited.

  • 7214 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!