topic Captive Portal SSO w/ Okta - "User Authenticated" in General Topics

Captive Portal SSO w/ Okta - "User Authenticated"

Greg_Frey — Thu, 20 Feb 2020 18:36:57 GMT

We've implemented Okta SAML SSO with our layer-3 Captive Portal redirect page for IP-User mapping. The solution works, but users are landing on a "User Authenticated" web page, rather than the website they originally browsed to. Users now have to re-browse to the website first landed on, or browsed to to access the site. I figured SAML SSO would allow a transparent authentication to occur and return the requested webpage to the user. Anyone have this issue?

Re: Captive Portal SSO w/ Okta - "User Authenticated"

reaper — Thu, 27 Feb 2020 08:45:44 GMT

is your portal set up as redirect or transparent ?

Re: Captive Portal SSO w/ Okta - "User Authenticated"

Greg_Frey — Thu, 27 Feb 2020 15:41:24 GMT

The configuration is set to redirect.

This was actually occurring due to the redirect host being set to the hostname, and not the FQDN. Example: host.domain.tld

All fixed.

Re: Captive Portal SSO w/ Okta - "User Authenticated"

Sly_Cooper — Thu, 23 Apr 2020 16:21:29 GMT

@Greg_FreyI am facing similar challenge where the Okta response is stopping at "<firewall ip>:6081/SAML20/SP/ACS" page. I did change the redirect host to FQDN under Captive Portal page. Do you need similar settings on the Okta side? Can you please help with the Okta settings?

Re: Captive Portal SSO w/ Okta - "User Authenticated"

Greg_Frey — Thu, 23 Apr 2020 16:58:07 GMT

The URL needs to match. In this case, the FQDN was similar on both the PanOS configuration for the redirect host, and the Okta URL.

Redirect Host: <FQDN>
Okta: <FQDN>:6081/SAML20/SP/ACS

Re: Captive Portal SSO w/ Okta - "User Authenticated"

Sly_Cooper — Thu, 30 Apr 2020 02:06:29 GMT

@Greg_FreyIs the port 6081? The SAML metadata on the firewall as well as Okta captive portal app shows 6082.