To resolve this issue, modify the metadata file on the PCS device for the Pulse One IdP configuration and reload it with the correct entity IDs:
- On the PCS device, sign in as admin and go to System > Configuration > SAML.
- Select the Metadata entry for the Pulse One Service Provider.
- Click on the Download icon indicated in the screenshot above.
- Open the downloaded metadata file with a text editor. It will look similar to the example below:
```xml
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://api.domain.com/api/v1/saml/sso?realm=hostname.domain.com/sp-metadata">
  <md:SPSSODescriptor WantAssertionsSigned="0" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://api.domain.com/api/v1/saml/sso?realm=hostname.domain.com/sp-metadata" index="1" isDefault="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
```
- Modify the URL in the entityID and the Location fields from https://api.domain.com to https://hostname.domain.com where hostname.domain.com is the common name found in the Pulse One device certificate.
- Save the file with a new name.
- Navigate to System > Configuration > SAML and click New Metadata Provider.
- Enter a name for the Metadata provider then select Local and click Choose File.
- Browse for and select the Metadata file that was modified in step 5.
- Select Accept Unsigned Metadata.
- At the bottom of the page, select Service Provider for this Metadata provider.
- Save Changes.
- Go to Signing In > Sign-In SAML > Identity Provider and scroll to the bottom of the page where the Peer Service Providers are listed.
- Select the original Peer Service Provider and click Delete SP.
- Navigate to System > Configuration > SAML and delete the Metadata entry that was used before.
- Navigate to Signing In > Sign-In SAML > Identity Provider and scroll to the bottom of the page and click Add SP.
- From the Entity ID drop-down menu, select the Entity ID of the SP that was modified in step 5 above. (Configure any other custom settings here that are needed.)
- Click Save Changes.
- Navigate to Authentication > Signing In > Metadata Provider.
- Download the Metadata provider then open the contents in a text editor.
- Copy the contents of the metadata provider.
- Log in to Pulse One as local admin.
- Select the settings gear in the upper right corner of the page and select Pulse One Properties.
- Expand the Enterprise Connections section.
- Click the edit icon for the SAML Identity Provider Metadata file. This will open a text view of the metadata contents.
- Paste the contents of the metadata file copied in step 21 and click Save. This will update the SAML Service Provider Metadata contents as required.
- Sign out of Pulse One and log back in with SSO Enterprise access.