CSCvs09267 - AnyConnect ASA fails to add "?" character while sending HTTP request to SAML sign-out url
03-15-2020 03:08 PM
You can type "?" at the CLI by simply doing Ctrl+V followed by a question mark. I tested this, using the exact same URL (Setting up Azure AD SSO / SAML).
Labels: Security
07-08-2020 06:40 PM
@ucberry wrote: You can type "?" at the CLI by simply doing Ctrl+V followed by a question mark. I tested this, using the exact same URL (Setting up Azure AD SSO / SAML).
Champion ucberry, this fixed SAML for me.
When entering the Azure SAML sign-out URL on the CLI, I was receiving a 'WORD < 500 char' error but then it would chop out the ? in the URL automatically on the next line and if you hit enter again, it adds it to the config. Tricky to catch exactly what happened! And in my case, it stopped my SAML from working.
I was receiving the 'Authentication failed due to problem retrieving the single sign-on cookie' error and everything on Google and Cisco just tells you to restart the ASA or disable / re-enable SAML under the Tunnel-Group which obviously doesn't fix the problem for this issue.
I was receiving this log in ASDM: "Failed to consume SAML assertion. reason: The identifier of a provider is unknown to #LassoServer. To register a provider in a #LassoServer object, you must use the methods lasso_server_add_provider() or lasso_server_add_provider_from_buffer().."
I reverified my SAML config line by line and finally saw the missing ? and found ucberry's workaround to input the correct URL using the Ctrl+V method.
SAML started working instantly.
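Both posts above describe the same failure: the ASA CLI treats "?" as the help key, so a sign-out URL typed without Ctrl+V is stored with everything from the "?" onward silently dropped, and the only symptom is a SAML assertion error later. The script below is an added example (not Cisco's code and not from either poster) that catches this before it bites: it pulls the `url sign-in` / `url sign-out` lines out of `show running-config webvpn` output, compares them with the URLs shown in the IdP portal, and flags a URL that matches only up to the "?" as "query-dropped". The config snippet, the tenant ID of all zeros, the trustpoint names and the sign-out URL `https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0` are constructed sample input; the `url sign-in` / `url sign-out` line format under `saml idp` is assumed to match the ASA syntax you see in your own running-config. `cli_keystrokes` just rewrites a URL as the key sequence to type at the ASA prompt, with the Ctrl+V escape in front of every "?".

```python
"""Detect an ASA SAML IdP URL that lost its query string when typed at the CLI."""
import re

# Constructed sample of 'show running-config webvpn' output. The sign-out URL
# was typed without Ctrl+V, so the ASA kept only the part before the '?'.
SAMPLE_RUNNING_CONFIG = """\
webvpn
 enable outside
 saml idp https://sts.windows.net/00000000-0000-0000-0000-000000000000/
  url sign-in https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2
  url sign-out https://login.microsoftonline.com/common/wsfederation
  trustpoint idp AzureAD-IdP
  trustpoint sp ASA-SP
  no signature
  base-url https://vpn.example.com
"""

# The URLs as copied from the IdP portal (constructed; the sign-out URL is the
# one with a query string and therefore the one at risk).
INTENDED_URLS = {
    "sign-in": "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2",
    "sign-out": "https://login.microsoftonline.com/common/wsfederation?wa=wsignout1.0",
}

# Assumed line shape: '  url sign-in <url>' / '  url sign-out <url>' under 'saml idp'.
_URL_LINE = re.compile(r"^\s*url\s+(sign-in|sign-out)\s+(\S+)\s*$", re.MULTILINE)


def parse_saml_urls(running_config: str) -> dict:
    """Return {'sign-in': url, 'sign-out': url} as the ASA actually stored them."""
    return {kind: url for kind, url in _URL_LINE.findall(running_config)}


def check_saml_urls(intended: dict, configured: dict) -> list:
    """Compare intended IdP URLs with the stored ones.

    Returns (kind, status, detail) tuples where status is one of
    'ok', 'missing', 'query-dropped' or 'mismatch'.
    """
    findings = []
    for kind, want in intended.items():
        got = configured.get(kind)
        if got is None:
            findings.append((kind, "missing", f"no 'url {kind}' line in running-config"))
        elif got == want:
            findings.append((kind, "ok", got))
        elif "?" in want and got == want.split("?", 1)[0]:
            # Everything from '?' on is gone: the classic CLI help-key truncation.
            findings.append((kind, "query-dropped",
                             f"stored '{got}', expected '{want}'; retype with Ctrl+V before '?'"))
        else:
            findings.append((kind, "mismatch", f"stored '{got}', expected '{want}'"))
    return findings


def cli_keystrokes(url: str) -> str:
    """Show the key sequence to type at the ASA prompt: Ctrl+V escapes each '?'."""
    return url.replace("?", "<Ctrl+V>?")


if __name__ == "__main__":
    stored = parse_saml_urls(SAMPLE_RUNNING_CONFIG)
    for kind, status, detail in check_saml_urls(INTENDED_URLS, stored):
        print(f"{kind:8s} {status:14s} {detail}")
    print("type:", "url sign-out", cli_keystrokes(INTENDED_URLS["sign-out"]))
```

Run it against your own `show running-config webvpn` output instead of the constructed sample; a "query-dropped" finding means the URL must be re-entered with Ctrl+V in front of the "?", exactly as the first post describes.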
