IDCS: Palo Alto SAML integration cannot open SignIn page in Unix/Android devices (Doc ID 2878794.1)

Last updated on MARCH 30, 2023

Applies to:

Identity Cloud Service (IDCS) - Version N/A to N/A
Information in this document applies to any platform.

Symptoms

I have a SAML issue, noting that the provided certificate has failed and users are unable to login with the SAML because of that.
This is the error i get: Failed to validate the signature in IdP certificate "crt.OCI-SAML-IDP.shared" of entity Id "https://idcs-GUID.identity.oraclecloud.com:443/fed"

The above SAML error only impacts Linux and Unix devices connecting through Global Protect application in Palo Alto.

Linux and Android devices do not display the sign in page for IDCS. Other device types (Windows / Apple) are working despite the above error showing when committing the changes in Palo Alto VPN.

Changes

Palo Alto Embedded App browser cannot open IDCS sign in page libraries. In IDCS, these load with successful responses.

Cause

	To view full details, sign in with your My Oracle Support account.
	Don't have a My Oracle Support account? Click to get started!

In this Document

My Oracle Support provides customers with access to over a million knowledge articles and a vibrant support community of peers and Oracle experts.

IDCS: Palo Alto SAML integration cannot open SignIn page in Unix/Android devices (Doc ID 2878794.1)

Applies to:

Symptoms

Changes

Cause

To view full details, sign in with your My Oracle Support account.

Don't have a My Oracle Support account? Click to get started!