Cisco ACI + Okta requires ping response


I’m trying to configure SAML/Okta integration in Cisco APIC and after setting up the IDP ( there’s a fault “SAML provider unreachable”. Curl tests are successful directly to the corresponding metadata URI, but there is no reply to ping (assuming this is by design).

After discussion with Cisco TAC, it seems the APIC requires a ping response - is this going to be possible?

Errors found in nginx.bin.log:

8034||2022-02-10T14:43:27.528280586-06:00||aaa||DBG4||co=doer:255:127:0xff0000000bbcb3b6:1||Appending provider uni/userext/samlext/ to list of servers to be checked||…/svc/extXMLApi/src/gen/ifc/app/./pam/||1412

8062||2022-02-10T14:43:30.278823605-06:00||aaa||DBG4||||ping timed out for (uni/userext/samlext/, 2 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/||402 bico 28.122

8062||2022-02-10T14:43:32.779894223-06:00||aaa||DBG4||||ping timed out for (uni/userext/samlext/, 1 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/||402 bico 30.278

8062||2022-02-10T14:43:35.280776887-06:00||aaa||DBG4||||All retries exhausted for (uni/userext/samlext/ - we declare it dead||…/svc/extXMLApi/src/gen/ifc/app/./ping/||409 bico 33.123
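
The retry sequence in the log lines above can be pulled out of nginx.bin.log per provider. This is an added example, not part of the original post and not Cisco code. It assumes the `||`-separated field order seen in the quoted lines (pid, time, module, level, context, message, ...), and the function names are hypothetical:

```python
import re
from datetime import datetime

# Constructed input: the four lines quoted in the post, unchanged
# (the provider DN and source paths are already truncated there).
SAMPLE = "\n".join([
    "8034||2022-02-10T14:43:27.528280586-06:00||aaa||DBG4||co=doer:255:127:0xff0000000bbcb3b6:1||Appending provider uni/userext/samlext/ to list of servers to be checked||…/svc/extXMLApi/src/gen/ifc/app/./pam/||1412",
    "8062||2022-02-10T14:43:30.278823605-06:00||aaa||DBG4||||ping timed out for (uni/userext/samlext/, 2 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/||402 bico 28.122",
    "8062||2022-02-10T14:43:32.779894223-06:00||aaa||DBG4||||ping timed out for (uni/userext/samlext/, 1 retries left||…/svc/extXMLApi/src/gen/ifc/app/./ping/||402 bico 30.278",
    "8062||2022-02-10T14:43:35.280776887-06:00||aaa||DBG4||||All retries exhausted for (uni/userext/samlext/ - we declare it dead||…/svc/extXMLApi/src/gen/ifc/app/./ping/||409 bico 33.123",
])

# Message patterns taken from the quoted lines; group 1 is the provider DN.
EVENTS = {
    "queued": re.compile(r"Appending provider (\S+) to list of servers to be checked"),
    "timeout": re.compile(r"ping timed out for \(([^,]+), \d+ retries left"),
    "dead": re.compile(r"All retries exhausted for \((\S+) - we declare it dead"),
}

def parse_ts(ts):
    # The log carries nanoseconds; datetime keeps microseconds, so trim the rest.
    return datetime.fromisoformat(re.sub(r"(\.\d{6})\d+", r"\1", ts))

def summarize(text):
    """Return {provider_dn: {timeouts, dead, first, probe_seconds}} for aaa lines."""
    out = {}
    for line in text.splitlines():
        f = line.split("||")  # assumed layout: pid, time, module, level, ctx, message, ...
        if len(f) < 6 or f[2] != "aaa":
            continue
        for kind, rx in EVENTS.items():
            m = rx.search(f[5])
            if not m:
                continue
            p = out.setdefault(m.group(1), {"timeouts": 0, "dead": False,
                                            "first": None, "probe_seconds": None})
            ts = parse_ts(f[1])
            if kind == "timeout":
                p["timeouts"] += 1
                p["first"] = p["first"] or ts  # time of the first failed probe
            elif kind == "dead":
                p["dead"] = True
                if p["first"]:
                    p["probe_seconds"] = (ts - p["first"]).total_seconds()
    return out

if __name__ == "__main__":
    for dn, p in summarize(SAMPLE).items():
        state = "declared dead" if p["dead"] else "not declared dead"
        print(dn, p["timeouts"], "ping timeouts,", state, "after", p["probe_seconds"], "s")
```
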