Solved: Cisco secure access, DUO SAML "Invalid SAML response"

hadi123 · ‎11-21-2024

Im getting an error "Invalid SAML response" when trying to enroll users from secure client zta, I have authenticated through duo, I tested the configuration of SAML authentication in Secure access and appears to be completed. Asking assistance on how to resolve the issue of "Invalid SAML response".

howe · ‎11-25-2024

If its configured as specified - and assuming you dont have anything blocked that is used for the authentication, it should work. Perhaps log a ticket with TAC?

View solution in original post

howe · ‎11-22-2024

Hi - are the users also synchronised to the Secure Access Dashboard, via Azure enterprise app or whatever? Have you followed this article? https://docs.sse.cisco.com/sse-user-guide/docs/configure-duo-security-for-saml

hadi123 · ‎11-24-2024

Yes, users connected to Secure Access Dashboard, via Active Directory on prem, and I also followed the article

howe · ‎11-25-2024

If its configured as specified - and assuming you dont have anything blocked that is used for the authentication, it should work. Perhaps log a ticket with TAC?

hadi123 · ‎11-25-2024

Yes I dont have anything blocked that is used for authentication. When i copy and paste the sso url in web browser I get this issue, and when I try to test it in secure client zta the message is still in "Invalid SAML Response"

Darkmatter · ‎12-10-2024

Make sure all necessary domains from the documentation are exempted from HTTPS inspection.

I've experienced the same issue and this was the solution.