06-26-2025 07:34 AM - edited 06-26-2025 07:38 AM
Hi,
i would like to customize the URL Authentication complete in GP. i was checking this KB: https://docs.paloaltonetworks.com/globalprotect/10-1/globalprotect-admin/globalprotect-user-authenti...
The problem is that we dont have the option: auth-response-page in the command.
set global-protect auth-response-page. We only have these options:
active)# set global-protect
> clientless-app Application accessed using clientless vpn
> clientless-app-group Group of applications accessed using clientless vpn
> dhcp-server-profile DHCP servers for GP users
> global-protect-gateway GlobalProtect gateway user related configuration
> global-protect-mdm GlobalProtect MDM server
> global-protect-portal GlobalProtect portal configuration
<Enter> Finish input
Our version is 11.1.6.
Someone has customized this URL and work the commands?
06-27-2025 02:42 AM
In display mode is the same. Not "set global-protect auth-response-page" find un any mode.
(active)> set global-protect
> arg-maxlen Max string length of GlobalProtect request arguments supported
> global-protect-portal GlobalProtect portal configuration
> redirect redirect
> saml-domain Set GlobalProtect SAML domain
> satellite-serialnumberip-auth Satellite Serialnumber + IP auth configuration
06-29-2025 10:39 PM
Can someone check if this command exists "set global-protect auth-response-page" in the FW?
06-30-2025 05:16 AM
Hi @BigPalo ,
The SAML20/SP/ACS customization feature was first introduced for future PAN-OS versions and was later backported to version 10.2.11. It has been available in the 10.2 OS code from version 10.2.11. Unfortunately, this feature is not available in versions 11.0, 11.1, or 11.2 as of now. I do not have information on when this will be available in these major versions.
Kind regards,
-Kim.
07-01-2025 02:09 AM
Many thanks Kiwi. Why is not available in 11.x 😞 ? So thats why PA doesnt recommend to customize that URL?
thanks
07-01-2025 06:41 AM
@BigPalo wrote:
Many thanks Kiwi. Why is not available in 11.x 😞 ? So thats why PA doesnt recommend to customize that URL?
thanks
I don't work for Palo, but there have been numerous CVEs relating to VPN portals in both Palo and Fortinet. With a lot of the Fortinet ones being super egregious. My guess is Palo made a tactical decision to remove the ability to modify the portal for security reasons to better harden the appliance. (Just a guess though.)
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
