Script to fix ICS SAML null host-fqdn value issue by updating the cache with the global FQDN value.
Download the script from here
- Python 3.x (Standalone or Windows Store version) | Created & Tested using Python 3.9
- Admin user account with REST API access enabled.
  To enable REST API access, refer to the REST API guide.
- Take a full device (system & user config) or Auth Servers XML backup before proceeding with this change.
  (The dry-run option can be used for evaluation.)
- Fetches the global host-fqdn from SAML settings.
- Downloads all auth-server config and parses the SAML auth-type instances.
- Checks whether each SAML instance has a valid host-fqdn value.
- If an instance with a NULL host-fqdn value is found, issues an HTTP PUT request with the correct FQDN value.
- Validates the entity ID value before and after the change. If any change is highlighted, the admin should restore the config from the backup.
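
The steps listed above, modelled offline as an added example (this is not the saml_eid_fix.py script itself): it plans the changes a dry run would report and compares entity IDs before and after the change. The JSON layout, every key name other than host-fqdn, and all sample values are assumptions constructed for illustration.

```python
import copy

# Constructed sample. The layout ("auth-server", "saml", "settings",
# "entity-id") is an assumed, simplified shape, not the real ICS schema;
# only the "host-fqdn" key is named on this page.
SAMPLE = {"auth-server": [
    {"name": "saml-a", "saml": {"settings": {
        "host-fqdn": None, "entity-id": "https://vpn.example.com/sp-a"}}},
    {"name": "saml-b", "saml": {"settings": {
        "host-fqdn": "vpn.example.com", "entity-id": "https://vpn.example.com/sp-b"}}},
    {"name": "ldap-1", "ldap": {"settings": {}}},
]}

def is_unset(value):
    """None, empty and whitespace-only all count as a null host-fqdn."""
    return value is None or not str(value).strip()

def plan_fixes(config, global_fqdn):
    """Dry run: list (name, new_fqdn) for SAML instances with a null host-fqdn."""
    if is_unset(global_fqdn):
        raise ValueError("global host-fqdn is unset; refusing to plan changes")
    return [(s["name"], global_fqdn)
            for s in config.get("auth-server", [])
            if "saml" in s and is_unset(s["saml"].get("settings", {}).get("host-fqdn"))]

def apply_plan(config, plan):
    """Apply the plan to a copy; stands in for the per-instance PUT requests."""
    updated, targets = copy.deepcopy(config), dict(plan)
    for s in updated["auth-server"]:
        if s["name"] in targets:
            s["saml"].setdefault("settings", {})["host-fqdn"] = targets[s["name"]]
    return updated

def entity_ids(config):
    """Map each SAML instance name to its entity ID."""
    return {s["name"]: s["saml"].get("settings", {}).get("entity-id")
            for s in config.get("auth-server", []) if "saml" in s}

def entity_id_drift(before, after):
    """Names whose entity ID differs between snapshots (restore backup if any)."""
    old, new = entity_ids(before), entity_ids(after)
    return sorted(name for name in old if new.get(name) != old[name])

if __name__ == "__main__":
    plan = plan_fixes(SAMPLE, "vpn.example.com")
    fixed = apply_plan(SAMPLE, plan)
    print("planned:", plan)
    print("entity ID drift:", entity_id_drift(SAMPLE, fixed))
```
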
usage: python3 saml_eid_fix.py [-h] --host HOST --username USERNAME [--dry-run]

Script to fix ICS SAML null host-fqdn issue by Ray A.

optional arguments:
  -h, --help           show this help message and exit
  --host HOST          VPN server hostname/IP (without 'http/https' prefix)
  --username USERNAME  REST API Admin username
  --dry-run            Dry run - (Evaluate Only) Check if any SAML servers have null host-fqdn value.

> python3 saml_eid_fix.py --host 10.1.1.100 --username adminuser
Dry-run operation: evaluates whether the VPN server has any problematic SAML instances. No PUT request will be sent.
> python3 saml_eid_fix.py --host 10.1.1.100 --username adminuser --dry-run