RBI: 400 Error - SAML IdP must be excluded from isolation policy to suport SSO

Created On 03/18/25 01:02 AM - Last Modified 07/25/25 01:48 AM


Symptom


  • The error message "RBI: 400" is seen when attempting to access specific URLs via Remote Browser Isolation (RBI).

  • In the error logs, the message "SAML IdP must be excluded from isolation policy to suport SSO, please contact system administrator" is seen.


Environment


  • Prisma Access
  • PANOS: 10.2.4
  • SAML IdP


Cause


  • The SAML Identity Provider (IdP) used for Single Sign-On (SSO) is incorrectly included within the Prisma Access Isolation policy.
  • This configuration prevents proper SAML communication through RBI, resulting in the "RBI: 400" error.


Resolution


  1. Exclude the SAML IdP from the Prisma Access Isolation policy.
  2. This allows for proper SAML communication through RBI, resolving the "400 error" issue.
  3. Below are the URL sample logs from the Strata Logging Service Hub app.


