I Have a problem when using SAML for Authentication with Palo Alto HA environment.(no problem for Firewall Palo Alto standalone)
1. our Palo Alto is using IP for management, so i create 2 SSO Profile in JC with 2 different IP(we dont have domain for this firewall)
Palo Alto : We Setup the 2 SAML Profile on Palo Alto on active firewall, user account (admin) for this firewall, and then let the passive firewall sync with the active.
The problem is, the active firewall can login using the SAML, but the passive cant login because it sync with the active firewall settings, even we have the passive settings(the firewall cant read configuration for the passive one) so the option is we can create another admin user and then use the passive settings.
ex, Admin1 using SAML-Primary(for active paloalto), Admin2 using SAML-Secondary(for passive paloalto), this settings must be done in each firewall.
but this workaround cant implemented in our firewall because it will create more users in JC. my question is can JC create 1 profile SAML SSO with 2 IP address configuration?