Anyone successfull with Global Protect Single Sign on and Windows 8.1 client?

Reply
CGSD
L0 Member

Anyone successfull with Global Protect Single Sign on and Windows 8.1 client?

Running GP 2.0.3-5 and the single sign on fails on windows 8 or 8.1 clients. Windows 7 works fine so I'm pretty sure I have the portal and gateway setup properly. I've opened a case with support but they're drawing blanks after three days.

Here's the log snippet from the win 8 client.

(T2024) 07/18/14 09:38:15:394 Debug(3273): ServerThread: ProcessServerPortal -- GetConfigFromPortal

(T2024) 07/18/14 09:38:15:394 Debug(3555): entering.

(T2024) 07/18/14 09:38:15:394 Debug(1141): Proxy auto detect is not needed

(T2024) 07/18/14 09:38:15:394 Debug(3590): SSO enable status is 1, user name is ___empty_username___, domain name is .

Windows 7 log snippet.

(T2260) 07/18/14 09:38:09:227 Debug(3273): ServerThread: ProcessServerPortal -- GetConfigFromPortal

(T2260) 07/18/14 09:38:09:227 Debug(3555): entering.

(T2260) 07/18/14 09:38:09:227 Debug(1141): Proxy auto detect is not needed

(T2260) 07/18/14 09:38:09:227 Debug(3590): SSO enable status is 1, user name is johnadoe, domain name is .

Just wondering if anyone else has a working setup?

kadak
L5 Sessionator

Hello CGSD,

Looks like 'user name is ___empty_username___, domain name ' is not populating correctly for 8.1 Windows.

May be this can help:

GlobalProtect single sign on did not work

Thanks and regards,

Kunal Adak

CGSD
L0 Member

After checking we have the PanCredProv under the registry that you suggested.  In more trouble shooting we have tested Win8, Win8.1, and Windows 8.1 Update all with the same error.  We even downgraded to GP Client 1.2.10 and still no luck with SSO.  It is weird that is works fine if using Windows 7 but Windows 8 fails every time. 

mwhite
Not applicable

Did you get any resolution to this in the end?

jbarea
L1 Bithead

Hi all,

Same problem here. Did you figured out how make it work?

harshanatarajan
L4 Transporter

WIN 8.1 no longer forces SSO info.


In Windows 8.x, Microsoft changes the login model to become user centric. That means any user has the right to select which authentication method (tile under "sign in options" during log in) to use to authenticate to Windows.


When logging in, you can actually select the global protect tile under the sign in options as shown below and then the SSO works in Windows 8.1.


sso1.JPG

harshanatarajan
L4 Transporter

One more thing to add, the SSO GP tile will not be active until the user  logs in to windows the first time, this is default behavior as the tile can only be bound once logged on.

jbarea
L1 Bithead

Thanks for the information,

The problem here is the user needs to login in order to be able to see the tile. Then the SSO option makes no sense because the user needs to do a first login an then lock the computer in order to see the sso option.

Anyway thanks for you reply. We will wait to see if this is solved in future releases.

parmas
L2 Linker

Correct. Unfortunately this ends up being on the Windows side. Apparently, there is no way to force windows to default to the GP option in the "Sign-in" options tile.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!