Prisma Access - User Mobile - Azure SAML - Wildcard


Hey guys,

 

Referring to the Prisma Access Mobile User documentation https://www.paloaltonetworks.com/resources/guides/prisma-access-for-users-deployment-guide

 

Page 88 specifies that a wildcard must be used to configure the SAML Azure Enterprise Application (SSO config):

 

Step 13: In the next Identifier (Entity ID) box, enter https://*.gw.gpcloudservice.com:443/SAML20/SP.
Step 14: In the Reply URL (Assertion Consumer Service URL) box, enter https://*.gpcloudservice.com:443/SAML20/SP/ACS.


However, the wildcard utilization seems to not be supported (or no longer supported) by the Azure SAML configuration. I tried using the App Registration "manifest" tool and adding the wildcard "URI" within the JSON, with NO SUCCESS. The only way I made it work was by configuring the complete gateway URI, which is not scalable since "a lot of gateways"!!

 

Any clue on this, or have you heard something about it?

 

Regards,

D.

7 REPLIES

I have been told by Palo TAC that there is an open issue with Microsoft/Azure to find a solution for the "wildcard" URL within the Azure SAML config (Identifier Entity ID), which looks like it is no longer supported in Azure.

 

Thx.

D.

Thank you for the update.

https://www.paloaltonetworks.com/resources/guides/prisma-access-for-users-deployment-guide

 

FYI, I notice that the new May 2020 documentation has been updated and the SAML wildcard setting has been removed from the configuration.

 

Regards,

Dominic 

 

 
