James Brisch

SAML and Palo Alto Networks Admin UI?

I've been attempting to configure SAML authentication via Okta to my Palo Alto Networks firewall AdminUI.  After authentication, the PA provides me with:

SSO Response Status
Status: N/A
Message: Empty SSO relaystate

I've tried configuring the relay state in Okta based upon information from several forum posts, online documentation about the relaystate parameter, and a "relaystate" generator.  I've used everything from a single letter, to the PA URL, to a URL encoded version of the PA dashboard.  Thoughts?

All Answers

James Brisch
Further testing has shown that SP initiated login works flawlessly.
James Brisch
Further research has provided the knowledge that Palo Alto does not support IdP initiated sign on.
This was selected as the best answer
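
A diagnostic for telling apart the two flows discussed in this thread, added here as an example; it is not part of the original posts and is not Okta or Palo Alto Networks code. It classifies a SAML HTTP-POST body as SP-initiated (the response carries `InResponseTo`) or IdP-initiated (unsolicited, no `InResponseTo`) and reports whether `RelayState` arrived empty. The function names and sample messages are constructed for illustration, and how the firewall itself checks `RelayState` is not shown on this page.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode

SAMLP = "urn:oasis:names:tc:SAML:2.0:protocol"


def classify_sso_post(form_body: str) -> dict:
    """Classify a SAML HTTP-POST binding body captured at the SP's ACS URL.

    Diagnostic only: no signature verification or assertion validation is
    done here, so run it on captures from your own test logins, not as a
    substitute for the SP's checks.
    """
    fields = parse_qs(form_body, keep_blank_values=True)
    raw = fields.get("SAMLResponse", [""])[0]
    relay_state = fields.get("RelayState", [""])[0]

    root = ET.fromstring(base64.b64decode(raw))
    if root.tag != f"{{{SAMLP}}}Response":
        raise ValueError("not a samlp:Response")

    # An SP-initiated response echoes the ID of the SP's AuthnRequest in
    # InResponseTo; an unsolicited (IdP-initiated) response has none.
    in_response_to = root.get("InResponseTo")
    return {
        "flow": "sp-initiated" if in_response_to else "idp-initiated",
        "in_response_to": in_response_to,
        "relay_state_empty": relay_state == "",
    }


def sample_post(in_response_to, relay_state):
    """Build a constructed, unsigned sample POST body (hypothetical values)."""
    attr = f' InResponseTo="{in_response_to}"' if in_response_to else ""
    xml = f'<samlp:Response xmlns:samlp="{SAMLP}" ID="_r1" Version="2.0"{attr}/>'
    return urlencode({
        "SAMLResponse": base64.b64encode(xml.encode()).decode(),
        "RelayState": relay_state,
    })


if __name__ == "__main__":
    # Login started from the IdP dashboard tile: unsolicited, empty RelayState.
    print(classify_sso_post(sample_post(None, "")))
    # Login started from the SP's login page: request ID and RelayState echoed.
    print(classify_sso_post(sample_post("_req42", "opaque-sp-token")))
```

A capture that classifies as `idp-initiated` with `relay_state_empty` set matches the symptom in the question; starting the login from the firewall's own login page produces the `sp-initiated` case.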