07-18-2014 08:37 AM
Running GP 2.0.3-5 and the single sign on fails on windows 8 or 8.1 clients. Windows 7 works fine so I'm pretty sure I have the portal and gateway setup properly. I've opened a case with support but they're drawing blanks after three days.
Here's the log snippet from the win 8 client.
(T2024) 07/18/14 09:38:15:394 Debug(3273): ServerThread: ProcessServerPortal -- GetConfigFromPortal
(T2024) 07/18/14 09:38:15:394 Debug(3555): entering.
(T2024) 07/18/14 09:38:15:394 Debug(1141): Proxy auto detect is not needed
(T2024) 07/18/14 09:38:15:394 Debug(3590): SSO enable status is 1, user name is ___empty_username___, domain name is .
Windows 7 log snippet.
(T2260) 07/18/14 09:38:09:227 Debug(3273): ServerThread: ProcessServerPortal -- GetConfigFromPortal
(T2260) 07/18/14 09:38:09:227 Debug(3555): entering.
(T2260) 07/18/14 09:38:09:227 Debug(1141): Proxy auto detect is not needed
(T2260) 07/18/14 09:38:09:227 Debug(3590): SSO enable status is 1, user name is johnadoe, domain name is .
Just wondering if anyone else has a working setup?
07-18-2014 10:50 AM
Hello CGSD,
Looks like 'user name is ___empty_username___, domain name ' is not populating correctly for 8.1 Windows.
May be this can help:
GlobalProtect single sign on did not work
Thanks and regards,
Kunal Adak
07-21-2014 11:55 AM
After checking we have the PanCredProv under the registry that you suggested. In more trouble shooting we have tested Win8, Win8.1, and Windows 8.1 Update all with the same error. We even downgraded to GP Client 1.2.10 and still no luck with SSO. It is weird that is works fine if using Windows 7 but Windows 8 fails every time.
09-02-2014 09:12 AM
Did you get any resolution to this in the end?
02-12-2015 05:53 PM
WIN 8.1 no longer forces SSO info.
In Windows 8.x, Microsoft changes the login model to become user centric. That means any user has the right to select which authentication method (tile under "sign in options" during log in) to use to authenticate to Windows.
When logging in, you can actually select the global protect tile under the sign in options as shown below and then the SSO works in Windows 8.1.
02-12-2015 05:55 PM
One more thing to add, the SSO GP tile will not be active until the user logs in to windows the first time, this is default behavior as the tile can only be bound once logged on.
02-13-2015 07:35 AM
Thanks for the information,
The problem here is the user needs to login in order to be able to see the tile. Then the SSO option makes no sense because the user needs to do a first login an then lock the computer in order to see the sso option.
Anyway thanks for you reply. We will wait to see if this is solved in future releases.
04-03-2015 09:10 AM
Correct. Unfortunately this ends up being on the Windows side. Apparently, there is no way to force windows to default to the GP option in the "Sign-in" options tile.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
