Hello,
I’m trying to configure SAML/Okta integration in Cisco APIC and after setting up the IDP (company.okta.com) there’s a fault “SAML provider unreachable”. Curl tests are successful directly to the corresponding metadata URI, but there is no reply to ping (assuming this is by design).
After discussion with Cisco TAC, it seems the APIC requires a ping response - is this going to be possible?
Errors found in nginx.bin.log:
8034||2022-02-10T14:43:27.528280586-06:00||aaa||DBG4||co=doer:255:127:0xff0000000bbcb3b6:1||Appending provider uni/userext/samlext/samlprovider-company.okta.com to list of servers to be checked||…/svc/extXMLApi/src/gen/ifc/app/./pam/PamWorker.cc||1412
8062||2022-02-10T14:43:30.278823605-06:00||aaa||DBG4||||ping timed out for company.okta.com (uni/userext/samlext/samlprovider-company.okta.com), 2 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/lib_ifc_ping.cc||402 bico 28.122
8062||2022-02-10T14:43:32.779894223-06:00||aaa||DBG4||||ping timed out for company.okta.com (uni/userext/samlext/samlprovider-company.okta.com), 1 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/lib_ifc_ping.cc||402 bico 30.278
8062||2022-02-10T14:43:35.280776887-06:00||aaa||DBG4||||All retries exhausted for company.okta.com (uni/userext/samlext/samlprovider-company.okta.com) - we declare it dead||…/svc/extXMLApi/src/gen/ifc/app/./ping/lib_ifc_ping.cc||409 bico 33.123
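
Added example (not part of the original post and not Cisco code): a small Python parser for the "||"-delimited nginx.bin.log lines quoted above, reporting which SAML providers the ping health check gave up on. The field positions (timestamp second, message sixth) are assumptions inferred from the four quoted lines, and the function name is hypothetical.

```python
import re

# The four log lines quoted in the post above, copied unchanged.
SAMPLE_LOG = """\
8034||2022-02-10T14:43:27.528280586-06:00||aaa||DBG4||co=doer:255:127:0xff0000000bbcb3b6:1||Appending provider uni/userext/samlext/samlprovider-company.okta.com to list of servers to be checked||…/svc/extXMLApi/src/gen/ifc/app/./pam/PamWorker.cc||1412
8062||2022-02-10T14:43:30.278823605-06:00||aaa||DBG4||||ping timed out for company.okta.com (uni/userext/samlext/samlprovider-company.okta.com), 2 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/lib_ifc_ping.cc||402 bico 28.122
8062||2022-02-10T14:43:32.779894223-06:00||aaa||DBG4||||ping timed out for company.okta.com (uni/userext/samlext/samlprovider-company.okta.com), 1 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/lib_ifc_ping.cc||402 bico 30.278
8062||2022-02-10T14:43:35.280776887-06:00||aaa||DBG4||||All retries exhausted for company.okta.com (uni/userext/samlext/samlprovider-company.okta.com) - we declare it dead||…/svc/extXMLApi/src/gen/ifc/app/./ping/lib_ifc_ping.cc||409 bico 33.123
"""

# Message patterns taken from the quoted lines: host, then the provider DN in parentheses.
TIMEOUT = re.compile(r"ping timed out for (\S+) \(([^)]+)\), (\d+) retries left")
DEAD = re.compile(r"All retries exhausted for (\S+) \(([^)]+)\)")


def provider_ping_status(log_text):
    """Summarise ping health-check results per provider DN.

    Returns {dn: {"host", "timeouts", "dead", "declared_dead_at"}}.
    """
    status = {}
    for line in log_text.splitlines():
        fields = line.split("||")
        if len(fields) < 8:
            continue  # not a full record in the assumed 8-field layout
        timestamp, message = fields[1], fields[5]
        timeout, dead = TIMEOUT.search(message), DEAD.search(message)
        match = timeout or dead
        if not match:
            continue  # unrelated message, e.g. "Appending provider ..."
        host, dn = match.group(1), match.group(2)
        entry = status.setdefault(
            dn, {"host": host, "timeouts": 0, "dead": False, "declared_dead_at": None}
        )
        if dead:
            entry["dead"] = True
            entry["declared_dead_at"] = timestamp
        else:
            entry["timeouts"] += 1
    return status


if __name__ == "__main__":
    for dn, info in provider_ping_status(SAMPLE_LOG).items():
        state = "DEAD" if info["dead"] else "ok"
        print(f"{info['host']}: {state}, {info['timeouts']} ping timeouts ({dn})")
```

A provider that shows up as dead here while the metadata URI still answers over HTTPS matches the situation described in the post: the fault comes from the ICMP check, not from the SAML endpoint itself.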