Hi  @ekrizon ,

Wondering how you configure the SSL part of it and redirected to the custom URL "https://omada.mycompany.com"

I have done this similarly via cloudflare however as you mentioned redirecting to the IP is what I am having issues with. How did you fix that and where on the host controller setting?

 

Additionally even though I did get through to the IP I end up getting this screen 

"Sorry, the browser is not compatible.

The current browser does not support Omada Controller. Please upgrade to a newer version or use other browsers."  Just wondering if this was the case for you?
 

I am using a hardware controller OC400
 

  @KBhuva 

Outside of the SAML settings, under System Settings do you have your box configured as IP or hostname?  Thats where I had to change it to using our hostname. Then the SAML attributes (that get automatically populated) were instantly updated to using our proper hostname. As for your screenshot that I believe is what is shown if you visit the saml sign-in URL directly which should not be the case if everything is properly configured.

I got SSO with SAML working but then it suddenly stopped working with this error:

I configured an permament user and no temporary.

  @relvy Same here using authentik as the idP.

I do notice that if I set the URL to https://<ip>:8043/sso/saml/login/ (with the trailing '/'), I get the 'Unsupported browser for omada controller' window and if I remove the trailing slash, I get the  {"errorCode":-30199,"msg":"Temporary user is not within the validity period."} error instead. 

I have my SAML Role set to the same as the group name in authentik and it is set to Super Admin (permanent), so the temporary user message doesnt make sense. I tried adding a few more SAML roles that didnt have any hyphens or capitalization, with the same result.