SAML Authentication with multiple servers

I have the WebUI and Web Reports on separate servers from the BigFix server. For added fun, the BigFix server is a DSA pair.

Has anyone tried to get SAML authentication (we are actually using a Shibboleth implementation to manage the SAML/Multifactor Authentication) working when using more than one server?

I can get the authentication to work when logging into the WebUI and can log in successfully from there. When I try to log in using the Console, I get a blank window, then after a timeout period I see a Security Alert telling me it can’t validate the certificate on the BigFix server (seems to be the Masthead Certificate information). I install the certificate, but then I’m presented with a “The website cannot display the page” message in the blank window.

Anyone else faced this issue and resolved it? I have an open PMR with IBM but am still waiting to hear back from someone.

1 Like

To answer my own question …
It works fine across multiple servers as long as each server has its own ACS defined.

We’re doing it using Shibboleth in order to facilitate Multi Factor Authentication.

The only snag I ran into with it was that IE on the computer running the Console needs to be configured to accept certificates where the server name doesn’t match the certificate information. Without turning off the check, you can’t authenticate.

2 Likes

Hi Tim, I have the same issue. My root server and webreports are on one Windows server and webui is on a separate server. After configuring SAML ADFS, I am able to log in to webui but cannot log in to webreports or console. What IE setting did you have to change on the root (console) server to make it work? It is IE 11.

Thanks