I opened a support ticket because PSU is not using the defined proxy when attempting to connect to https://login.microsoftonline.com during the SAML2 authentication process. Since the traffic isn’t going through our proxy, it is being blocked by our firewall and auth is failing.
The response I got after going in a few circles was “I will open an internal item with our development team so they can review this behavior and determine whether we can improve or document it in a future version. At this time I cannot promise any specific outcome or ETA.”
Saying I am not happy with that result would be an understatement. Having SAML2 working is a new requirement internally and bypassing the proxy is not an option.
Thanks for the reply. We do have the proxy set in the PSU admin menu and we also have those environment variables set. We have found that those things fix most of the proxy-related issues as well, but not in this case, unfortunately.
Well, I got it working completely by accident. I was rechecking everything and I saw that the no_proxy env had our local domain but not localhost and 127.0.0.1, so I added them and restarted the service. I was then able to log in using SAML2. That didn’t make sense to me, so I removed them and restarted the service again, and it failed again. Again putting it back fixed it.
Could be to do with gRPC calls. I’ve had issues with supposedly completely local calls failing because I didn’t have a proxy bypass for localhost, so it could be using gRPC to initiate whatever it’s doing with SAML2.
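An added example, not part of any post in this thread and not PSU's own code: a small Python audit of a `no_proxy` value that reports whether `localhost` and `127.0.0.1` would still be sent to the proxy, and whether the identity provider host is accidentally bypassed. The matching rules are a simplified assumption (real HTTP stacks differ in detail), and `corp.example` is a constructed placeholder for the local domain.

```python
# Added example: audit a no_proxy value for the loopback entries discussed above.
# Assumption: simplified matching (exact host, domain suffix, or "*" for all).
# Real HTTP stacks differ in details such as CIDR ranges and port handling.

LOOPBACK_TARGETS = ("localhost", "127.0.0.1")
EXTERNAL_IDP = "login.microsoftonline.com"  # host named in the thread


def parse_no_proxy(value):
    """Split a comma-separated no_proxy string into normalized entries."""
    entries = (raw.strip().lower() for raw in (value or "").split(","))
    return [entry for entry in entries if entry]


def bypasses_proxy(host, no_proxy):
    """Return True if `host` would skip the proxy under the simplified rules."""
    host = host.strip().lower().rstrip(".")
    for entry in parse_no_proxy(no_proxy):
        if entry == "*":
            return True
        # Treat "corp.example", ".corp.example" and "*.corp.example" alike.
        suffix = entry.lstrip("*").lstrip(".")
        if suffix and (host == suffix or host.endswith("." + suffix)):
            return True
    return False


def audit(no_proxy):
    """Report loopback hosts still proxied and whether the IdP skips the proxy."""
    return {
        "loopback_sent_to_proxy": [
            h for h in LOOPBACK_TARGETS if not bypasses_proxy(h, no_proxy)
        ],
        "idp_bypasses_proxy": bypasses_proxy(EXTERNAL_IDP, no_proxy),
    }


if __name__ == "__main__":
    # Constructed values mirroring the before/after state described in the thread.
    before = ".corp.example"
    after = ".corp.example,localhost,127.0.0.1"
    for label, value in (("before", before), ("after", after)):
        print(label, audit(value))
```

An empty `loopback_sent_to_proxy` list with `idp_bypasses_proxy` still false is the state to aim for: local calls stay local while the external login traffic continues through the proxy.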