I found an issue with configuring SAML authentication realms, as below. I have to import the IDP certificate, Root CA, and BlueCoat certificate into browser-trusted.
Blue Coat SG300 Series#(config);;Begin SAML Settings
Blue Coat SG300 Series#(config)security saml edit-realm SALM_2
Blue Coat SG300 Series#(config saml SALM_2)federated-idp import-metadata "https://adfs.abc.com/FederationMetadata/2007-06/FederationMetadata.xml" no-verify-server
% Failed to import metadata: SSL initialization failed - check the server certificate.
Blue Coat SG300 Series#(config saml SALM_2)encryption keyring "SAML_Cert_Authen"
Blue Coat SG300 Series#(config saml SALM_2)ssl-device-profile SSL_devices_profile_SAML
Blue Coat SG300 Series#(config saml SALM_2)exit
Blue Coat SG300 Series#(config);;End SAML Settings
- The SAML realm configuration -
Please advise me.
My guess would be that your internal server is using a certificate which you don't trust on the ProxySG.
Import the signing root CA into the ProxySG and make sure it is part of the proper CA list. (Doing the first but failing the other will still get you the failure.)
The error points to something with the server certificate (maybe trust?). Double-check that you are able to fetch the metadata from the URL that you are using. A pcap should reveal the connection attempt from the proxy to the server. If you are still not able to fix this, I would recommend a TAC case for a detailed check.