Anyone successfull with Global Protect Single Sign on and Windows 8.1 client?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Anyone successfull with Global Protect Single Sign on and Windows 8.1 client?

L0 Member

Running GP 2.0.3-5 and the single sign on fails on windows 8 or 8.1 clients. Windows 7 works fine so I'm pretty sure I have the portal and gateway setup properly. I've opened a case with support but they're drawing blanks after three days.

Here's the log snippet from the win 8 client.

(T2024) 07/18/14 09:38:15:394 Debug(3273): ServerThread: ProcessServerPortal -- GetConfigFromPortal

(T2024) 07/18/14 09:38:15:394 Debug(3555): entering.

(T2024) 07/18/14 09:38:15:394 Debug(1141): Proxy auto detect is not needed

(T2024) 07/18/14 09:38:15:394 Debug(3590): SSO enable status is 1, user name is ___empty_username___, domain name is .

Windows 7 log snippet.

(T2260) 07/18/14 09:38:09:227 Debug(3273): ServerThread: ProcessServerPortal -- GetConfigFromPortal

(T2260) 07/18/14 09:38:09:227 Debug(3555): entering.

(T2260) 07/18/14 09:38:09:227 Debug(1141): Proxy auto detect is not needed

(T2260) 07/18/14 09:38:09:227 Debug(3590): SSO enable status is 1, user name is johnadoe, domain name is .

Just wondering if anyone else has a working setup?

8 REPLIES 8

L5 Sessionator

Hello CGSD,

Looks like 'user name is ___empty_username___, domain name ' is not populating correctly for 8.1 Windows.

May be this can help:

GlobalProtect single sign on did not work

Thanks and regards,

Kunal Adak

After checking we have the PanCredProv under the registry that you suggested.  In more trouble shooting we have tested Win8, Win8.1, and Windows 8.1 Update all with the same error.  We even downgraded to GP Client 1.2.10 and still no luck with SSO.  It is weird that is works fine if using Windows 7 but Windows 8 fails every time. 

Did you get any resolution to this in the end?

L1 Bithead

Hi all,

Same problem here. Did you figured out how make it work?

L4 Transporter

WIN 8.1 no longer forces SSO info.


In Windows 8.x, Microsoft changes the login model to become user centric. That means any user has the right to select which authentication method (tile under "sign in options" during log in) to use to authenticate to Windows.


When logging in, you can actually select the global protect tile under the sign in options as shown below and then the SSO works in Windows 8.1.


sso1.JPG

L4 Transporter

One more thing to add, the SSO GP tile will not be active until the user  logs in to windows the first time, this is default behavior as the tile can only be bound once logged on.

Thanks for the information,

The problem here is the user needs to login in order to be able to see the tile. Then the SSO option makes no sense because the user needs to do a first login an then lock the computer in order to see the sso option.

Anyway thanks for you reply. We will wait to see if this is solved in future releases.

Correct. Unfortunately this ends up being on the Windows side. Apparently, there is no way to force windows to default to the GP option in the "Sign-in" options tile.

  • 6799 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!