04-Nov-2019 11:22
Hello,
I'm attempting to set up a SAML configuration where KnowBe4 is the SP and our APMs are the IDP. I have read:
https://clouddocs.f5.com/products/agc/5.0/saml-saas-applications/knowbe4.html
I followed it the best I could (it's pretty generic), but it's not working. Let me explain what I'm seeing…
The APM presents the login form fine, and I'm able to properly authenticate against the domain. Where I think the problem is coming in is when the IDP *should* be redirecting the user back to the SP. What I see when I follow the requests is:
When I watch another, working SAML application I see that after step 2 the browser is redirected to a URL starting with "/saml/idp/profile/redirectorpost/sso?SAMLRequest=". That page redirects the browser back to the SP.
Has anybody seen something like this before? Am I right in thinking that the URL that the form submission redirects to is incorrect in the KnowBe4 version of the configuration? If so, what magic incantation do I use to fix it?
I used the Guided Configuration to set up the SSO application, and I used the KnowBe4 application option.
11-Nov-2019 12:34
I would suggest increasing the Access Policy logs to debug and see if there are any errors. Also you can use the following to decode the SAML Requests for troubleshooting:
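Added example, not part of the thread and not the tool the reply pointed to: a Python decoder for the `SAMLRequest` parameter seen on URLs such as `/saml/idp/profile/redirectorpost/sso?SAMLRequest=`, which extracts the issuer, destination and ACS URL so they can be compared with the SP connector settings on the IdP. The hosts, the request ID and the function names are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs, quote

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"
MAX_XML = 1 << 20  # cap inflated size so a crafted value cannot exhaust memory
# Constructed sample AuthnRequest; hosts and ID are placeholders, not from the thread.
SAMPLE_XML = (
    b'<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_constructed123" '
    b'Version="2.0" Destination="https://idp.example.com/saml/idp/profile/redirectorpost/sso" '
    b'AssertionConsumerServiceURL="https://sp.example.com/acs">'
    b'<saml:Issuer>https://sp.example.com/metadata</saml:Issuer></samlp:AuthnRequest>'
)

def sample_redirect_url() -> str:
    """Encode SAMPLE_XML the way the HTTP-Redirect binding does."""
    c = zlib.compressobj(9, zlib.DEFLATED, -15)
    packed = base64.b64encode(c.compress(SAMPLE_XML) + c.flush()).decode()
    return ("https://idp.example.com/saml/idp/profile/redirectorpost/sso"
            "?SAMLRequest=" + quote(packed, safe=""))

def decode_saml_message(value: str) -> bytes:
    """Return the XML bytes of a SAMLRequest/SAMLResponse parameter value."""
    raw = base64.b64decode(value.replace(" ", "+"))  # undo '+' turned into space
    try:
        # Redirect binding: base64 over raw DEFLATE (wbits=-15, no zlib header).
        return zlib.decompressobj(-15).decompress(raw, MAX_XML)
    except zlib.error:
        return raw  # POST binding: base64 only, not compressed

def summarize_authn_request(url_or_value: str) -> dict:
    """Extract the fields that decide where the IdP sends the browser."""
    value = url_or_value
    if "SAMLRequest=" in url_or_value:
        value = parse_qs(urlsplit(url_or_value).query)["SAMLRequest"][0]
    xml = decode_saml_message(value)
    if b"<!DOCTYPE" in xml or b"<!ENTITY" in xml:
        raise ValueError("refusing XML that declares a DTD or entities")
    root = ET.fromstring(xml)
    issuer = root.find(f"{{{SAML}}}Issuer")
    return {
        "message": root.tag.split("}")[-1],
        "id": root.get("ID"),
        "issuer": issuer.text if issuer is not None else None,
        "destination": root.get("Destination"),
        "acs_url": root.get("AssertionConsumerServiceURL"),
    }
```

Call `summarize_authn_request()` with the full URL copied from the browser's network trace, or with the bare parameter value from a POST form.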