Enabling SAML Authentication (OKTA) for BigFix Inventory

I am trying to set up the single sign-on for our BigFix Inventory Server using SAML as the protocol (OKTA).

The app runs on port 9082, so I provided the following URL to our OKTA Administrator in order to create a new entry in OKTA for this.

https://hostname.com:9082/ibm/saml20/defaultSP

And I received from him the IdP SSO URL and the IdP Issuer URL, along with the cert file generated by OKTA.
I then followed the documentation in the BigFix Inventory Administrator’s guide.

I created a single sign-on admin user and a local admin user, and enabled the configuration. I restarted the server and after that, every time I hit the BigFix Inventory URL, I land on an error page with the message:

Error 404: SAML20_AUTHENTICATION_FAIL 

Has anyone properly configured SAML Authentication using OKTA for the BigFix Inventory Server?
I have done it for WebUI, the Console and Web Reports but the BFI server is not working.

This is the current configuration:

Hi @fermt, try to use the documentation that we have to configure BigFix Compliance with Okta as Inventory shares a very similar architecture and configuration:
https://support.hcltechsw.com/csm?id=kb_article&sysparm_article=KB0099139
-Gus

I will try that and report back

One suggestion - if you need further troubleshooting tools, I found the SAML Tracer browser extension to be excellent (available in Chrome, Edge, FF, etc) - it allows you to check the exact SAML Request sent to Okta and SAML Response sent back to BFI, so you can actually compare them and spot mismatches.

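The comparison suggested in the reply above can also be scripted. This is an added example, not part of any poster's reply or of HCL's documentation: it decodes a base64 `SAMLResponse` value (as copied from SAML Tracer) and reports which routing fields differ from what the service provider is configured to expect. The IdP issuer and the sample response are constructed, and using the SP URL from the first post as the expected Destination, Recipient and Audience is an assumption to replace with your own configuration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SP_URL = "https://hostname.com:9082/ibm/saml20/defaultSP"  # URL from the first post
IDP_ISSUER = "http://idp.example/issuer"                   # constructed placeholder

# Constructed sample response; the Audience carries a trailing slash on purpose.
SAMPLE_XML = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{SP_URL}">
  <saml:Issuer>{IDP_ISSUER}</saml:Issuer>
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{SP_URL}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{SP_URL}/</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

def response_fields(b64_response):
    """Decode a SAMLResponse form value; reads fields only, verifies no signature."""
    root = ET.fromstring(base64.b64decode(b64_response))
    scd = root.find(".//a:SubjectConfirmationData", NS)
    def text(path):
        node = root.find(path, NS)
        return node.text.strip() if node is not None and node.text else None
    return {
        "Destination": root.get("Destination"),
        "Issuer": text(".//a:Issuer"),
        "Recipient": scd.get("Recipient") if scd is not None else None,
        "Audience": text(".//a:Audience"),
    }

def mismatches(fields, expected):
    """Return {field: (got, expected)}; SAML URIs are compared as exact strings."""
    return {k: (fields.get(k), v) for k, v in expected.items() if fields.get(k) != v}

def check_sample():
    expected = {"Destination": SP_URL, "Recipient": SP_URL,
                "Audience": SP_URL, "Issuer": IDP_ISSUER}
    sample = base64.b64encode(SAMPLE_XML.encode())
    return mismatches(response_fields(sample), expected)

if __name__ == "__main__":
    for field, (got, want) in check_sample().items():
        print(f"{field}: response has {got!r}, SP expects {want!r}")
```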

Thanks for this useful tip!

Using the documentation for BigFix Compliance worked. Hopefully the HCL BigFix team creates a similar and updated document for BigFix Inventory as this will reduce the time it takes to properly set up the configuration.
