Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Global Protect - SAML Authentication Complete Page

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Global Protect - SAML Authentication Complete Page

L1 Bithead

We're testing upgrading to version 2.5.x and have run into a few changes with the new features.

 

We enabled "Use Default Browser for SAML Authentication", because you know ie, is going away.  After doing this, each time our end user authenticates, they receive an "Authentication Complete" Page, with a cryptic message about opening Global Protect and a link that doesn't work.  It comes from https://<VPNGatewayFQDN>/SAML20/SP/ACS

 

I've searched through documentation and can't seem to find anything about it, nor is it present as a response page you can customize.

 

Ideally we'd prefer the old behavior, close the browser window / tab that was used for the SAML authentication, but minimally, we need to reword this page so it doesn't confuse users.. Maybe use it as a banner.

 

This is not the "Global Protect App Welcome Page", that feature is disabled.

 

Any help would really be appreciated.

9 REPLIES 9

Cyber Elite
Cyber Elite

Sounds like a feature request to me.

You would best contact your PANW SE for them to create a FR ticket. 

 

Good luck!

Help the community: Like helpful comments and mark solutions

@JakeHarris and after you get a FR ID from your SE, post it here, so others can also vote for it.

L2 Linker

FR ID: 18254

Let the voting begins!

L0 Member

Same issue. I would like to customize this page.

I'd like to vote for this feature request but I couldn't find where to do that.

Me too... have you found were to vote or do we need to do this via a Palo Alto SE?

L0 Member

Same thing here!

L6 Presenter

@JakeHarris wrote:

We're testing upgrading to version 2.5.x and have run into a few changes with the new features.

 

We enabled "Use Default Browser for SAML Authentication", because you know ie, is going away.  After doing this, each time our end user authenticates, they receive an "Authentication Complete" Page, with a cryptic message about opening Global Protect and a link that doesn't work.  It comes from https://<VPNGatewayFQDN>/SAML20/SP/ACS

 

I've searched through documentation and can't seem to find anything about it, nor is it present as a response page you can customize.

 

Ideally we'd prefer the old behavior, close the browser window / tab that was used for the SAML authentication, but minimally, we need to reword this page so it doesn't confuse users.. Maybe use it as a banner.

 

This is not the "Global Protect App Welcome Page", that feature is disabled.

 

Any help would really be appreciated.


(I know this is an old thread)

 

This isn't going to answer your issue, but you're using "default browser because IE was going away.  My company recently ran into this issue.  

 

We use "embedded browser" for SAML auth to Azure AD (Through CIE) for GP.  This wasn't working because the Global Protect software called "Webview" which essentially calls the legacy IE integration for browser authentication.  Webview/IE doesn't support TLS1.3 so we would intermittently get authention failures to GP because of this incompatibility.

 

Coming in GP client version 6.0.10, I'm not sure about other client version, the GP software will call "Webview2" which calls the "Edge" version to the OS browser.  This call to "Webview2" will support TLS1.3 and will allow the use of the "embedded browser" within the GP client.

L0 Member

Under default browser, how can we configure to automatically close the Authentication Complete Page? This is very annoying for end users who have to do this on a daily basis.

  • 6020 Views
  • 9 replies
  • 2 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!