Troubleshooting SAML on the Private Cloud

If the installation or configuration process fails, you should first ensure that all necessary ports are open and accessible:

  • The apigee-sso node must be able to access the Postgres node on port 5432.
  • Port 9099 on the apigee-sso node must be open for external HTTP access by the Edge UI and the SAML IDP. If you configure TLS on apigee-sso, the port number might be different.
  • The apigee-sso node must be able to access the SAML IDP at the URL specified by the SSO_SAML_IDP_METADATA_URL property.
  • The apigee-sso node must be able to access port 8080 on the Management Server node.
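
The checks listed above can be scripted. The following is an added example, not part of the Apigee documentation or tooling: it is meant to run on the apigee-sso node, and PG_HOST, PG_PORT, MS_HOST and SSO_PORT are hypothetical variables of this script (only SSO_SAML_IDP_METADATA_URL is a property named on this page).

```shell
#!/bin/sh
# Added example. PG_HOST, PG_PORT, MS_HOST and SSO_PORT are assumed names
# used only by this script; export them before running "script.sh check".

# Print "host port" for an http(s) URL; the default port follows the scheme.
# IPv6 literals are not handled.
url_host_port() {
  case $1 in
    https://*) def=443 ;;
    http://*)  def=80 ;;
    *) return 1 ;;
  esac
  auth=${1#*://}            # strip the scheme
  auth=${auth%%[/?#]*}      # keep only the authority part
  auth=${auth##*@}          # drop any userinfo
  case $auth in
    *:*) host=${auth%:*}; port=${auth##*:} ;;
    *)   host=$auth; port=$def ;;
  esac
  [ -n "$host" ] && [ -n "$port" ] || return 1
  echo "$host $port"
}

# TCP connect with a 3 second timeout (uses bash's /dev/tcp).
check_tcp() {
  timeout 3 bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$1" "$2" 2>/dev/null
}

# Check Postgres, the Management Server, the local SSO port and the IDP.
run_checks() {
  rc=0
  idp=$(url_host_port "$SSO_SAML_IDP_METADATA_URL") || {
    echo "FAIL cannot parse SSO_SAML_IDP_METADATA_URL" >&2; return 2; }
  for target in "$PG_HOST ${PG_PORT:-5432}" "$MS_HOST 8080" \
                "localhost ${SSO_PORT:-9099}" "$idp"; do
    set -- $target
    if check_tcp "$1" "$2"; then echo "OK   $1:$2"
    else echo "FAIL $1:$2"; rc=1; fi
  done
  return $rc
}

if [ "${1:-}" = "check" ]; then run_checks; fi
```

A successful connect to localhost on the SSO port only shows that apigee-sso is listening; access from the Edge UI and the SAML IDP has to be tested from those hosts. The script tests TCP reachability only, not TLS or the HTTP response.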

If all necessary ports are open and accessible, you can rerun the configuration steps:

  • For apigee-sso:
    /opt/apigee/apigee-service/bin/apigee-service apigee-sso setup -f configFile
  • For the Edge UI:
    /opt/apigee/apigee-service/bin/apigee-service edge-ui configure-sso -f configFile

If reconfiguration does not work, then you can delete the Postgres database used by apigee-sso, and then reconfigure apigee-sso and the Edge UI:

  1. Disable SAML on the Edge UI as described in Disable SAML.
  2. Stop apigee-sso:
    /opt/apigee/apigee-service/bin/apigee-service apigee-sso stop
  3. Log in to the Postgres node and drop the Postgres database:
    psql -U postgres_username -p postgres_port -h postgres_host -c "drop database \"apigee_sso\""

    where:

    • postgres_username is the Postgres username you specified when you installed Edge. The default value is apigee.
    • postgres_port is the Postgres port you specified when you installed Edge. The default value is 5432.
    • postgres_host is the IP or DNS name of the Postgres node.
  4. Reconfigure apigee-sso:
    /opt/apigee/apigee-service/bin/apigee-service apigee-sso setup -f configFile
  5. Reconfigure the Edge UI:
    /opt/apigee/apigee-service/bin/apigee-service edge-ui configure-sso -f configFile