Troubleshooting SAML on the Private Cloud

Edge for Private Cloud v4.18.01

If the installation or configuration process fails, you should first ensure that all necessary ports are open and accessible:

  • The apigee-sso node must be able to access the Postgres node on port 5432.
  • Port 9099 on the apigee-sso node must be open for external HTTP access by the Edge UI and the SAML IDP. If you enable SAML for API BaaS, the port must be accessible from the BaaS Portal and BaaS Stack nodes. If you configure TLS on apigee-sso, the port number might be different.
  • The apigee-sso node must be able to access the SAML IDP at the URL specified by the SSO_SAML_IDP_METADATA_URL property.
  • The apigee-sso node must be able to access port 8080 on the Management Server node.
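
The checks in the list above can be scripted and run on the apigee-sso node. This is an added example, not part of the Apigee tooling: the host names, the PG_HOST, PG_PORT, MS_HOST and SSO_PORT variables, and the KEY=value layout of configFile are assumptions to adjust for your installation.

```shell
#!/bin/sh
PG_HOST="${PG_HOST:-postgres.example.internal}"   # placeholder: Postgres node
PG_PORT="${PG_PORT:-5432}"                        # default per the list above
MS_HOST="${MS_HOST:-ms.example.internal}"         # placeholder: Management Server

# Print the value of KEY from a KEY=value config file (assumed format).
get_prop() {  # get_prop KEY FILE
  sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1 | tr -d '"\r'
}

# Print "host port" for a URL (443/80 when no port is given; no IPv6 literals).
url_hostport() {
  scheme=${1%%://*}; rest=${1#*://}
  authority=${rest%%/*}; authority=${authority##*@}
  host=${authority%%:*}
  case $authority in
    *:*) port=${authority##*:} ;;
    *)   if [ "$scheme" = https ]; then port=443; else port=80; fi ;;
  esac
  printf '%s %s\n' "$host" "$port"
}

# Attempt a TCP connect with a 3 second limit (needs bash and coreutils timeout).
check_port() {  # check_port LABEL HOST PORT
  if timeout 3 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$2" "$3" 2>/dev/null; then
    echo "OK    $1 ($2:$3)"
  else
    echo "FAIL  $1 ($2:$3)"; return 1
  fi
}

precheck() {  # precheck CONFIGFILE
  rc=0
  idp_url=$(get_prop SSO_SAML_IDP_METADATA_URL "$1")
  check_port "Postgres" "$PG_HOST" "$PG_PORT" || rc=1
  check_port "Management Server" "$MS_HOST" 8080 || rc=1
  # Local check only: confirms apigee-sso is listening, not that firewalls
  # allow the Edge UI or IDP in. Set SSO_PORT if TLS changed the port.
  check_port "apigee-sso listener" 127.0.0.1 "${SSO_PORT:-9099}" || rc=1
  if [ -n "$idp_url" ]; then
    set -- $(url_hostport "$idp_url")
    check_port "SAML IDP metadata" "$1" "$2" || rc=1
  else
    echo "FAIL  SSO_SAML_IDP_METADATA_URL not found in config"; rc=1
  fi
  return $rc
}
if [ $# -gt 0 ]; then precheck "$1"; else echo "usage: $0 configFile"; fi
```

To confirm external access to port 9099, run the same TCP check from the Edge UI node against the apigee-sso host rather than against 127.0.0.1.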

If all necessary ports are open and accessible, you can rerun the configuration steps:

  • For apigee-sso:
    > /opt/apigee/apigee-service/bin/apigee-service apigee-sso setup -f configFile
  • For the Edge UI:
    > /opt/apigee/apigee-service/bin/apigee-service edge-ui configure-sso -f configFile

If reconfiguration does not work, then you can delete the Postgres database used by apigee-sso, and then reconfigure apigee-sso and the Edge UI:

  1. Disable SAML on the Edge UI as described in Disable SAML.
  2. Stop apigee-sso:
    > /opt/apigee/apigee-service/bin/apigee-service apigee-sso stop
  3. Log in to the Postgres node and drop the Postgres database:
    > psql -U postgres_username -p postgres_port -h postgres_host -c "drop database \"apigee_sso\""

    where:
    • postgres_username is the Postgres username you specified when you installed Edge. The default value is apigee.
    • postgres_port is the Postgres port you specified when you installed Edge. The default value is 5432.
    • postgres_host is the IP or DNS name of the Postgres node.
  4. Reconfigure apigee-sso:
    > /opt/apigee/apigee-service/bin/apigee-service apigee-sso setup -f configFile
  5. Reconfigure the Edge UI:
    > /opt/apigee/apigee-service/bin/apigee-service edge-ui configure-sso -f configFile