Hello BPry,
The issue is when I click the global protect app to connect the VPN and it redirects to a blank screen not to the login portal to enter the credentials.
Also, we are using the SAML DUO 2FA for two-factor authentications so it should redirect to the login portal and then enter the 2FA passcode to successfully log in to the VPN on my PC.
The issue is with my PC only and the rest works fine.
the attached is the screenshot which I get after clicking the global protect App.
So i need help to resolve this issue in my PC.
@cosmith8000 wrote:
Did you ever get a fix to this issue?
I have a user getting this exact behavior, if I use my username it works fine. If I use his username I get a screen just like yours.
That means this cannot be a pc issue. as both are on the same windows session.
Thanks
I'm not 100% sure this is the exact cause of your issue and the OP's, @SamiPTfA , but we had an issue using SAML auth and using the "embedded browser" for authentication. GP client versions before 6.0.10, 6.1.5 and 6.2.3 do not support TLS1.3 for authentication, as the software called the Windows OS component called "Webview." Webview calls the legacy Internet Explorer browser. Since IE doesn't support TLS1.3 the GP client calling this component the SAML auth intermittently fails. So the GP client cannnot broker the TLS1.3 SAML authentication to the external provider.
We had users that intermittently receive a similar GP client pop-up. With the GP software release of 6.0.10+, 6.1.5+ and 6.2.3+ the software support "Webview2" which uses the "Edge" version of the Windows OS browser. Because the GP client is calling edge, via Webview2, TLS1.3 is supported.
Once we migrated clients to GP version 6.0.10 users no longer failed to authenticate or receive the GP window popup.
--edit--
If using the "default browser" for authentication the SAML auth request is handed off to whatever the Windows OS default browser is. In this case Edge or Chrome installed in a Windows 10/11 machine of course support TLS1.3 and clients never get stuck in this auth failure.
This could also be masked by the local machine having TLS1.3 disabled in the advanced settings of Internet properties. With TLS1.3 disabled on the local machine earlier GP client software versions can't call TLS1.3 and therefore the use of the legacy Webview works with "embedded browser" selected as your authentication method.
The setting is in the Portal app config. With "no" it's using the embedded browser within the GP client. If yes, the SAML auth is offloaded to the Windows OS
