Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-03-2021 12:58 PM
We're testing upgrading to version 2.5.x and have run into a few changes with the new features.
We enabled "Use Default Browser for SAML Authentication", because you know ie, is going away. After doing this, each time our end user authenticates, they receive an "Authentication Complete" Page, with a cryptic message about opening Global Protect and a link that doesn't work. It comes from https://<VPNGatewayFQDN>/SAML20/SP/ACS
I've searched through documentation and can't seem to find anything about it, nor is it present as a response page you can customize.
Ideally we'd prefer the old behavior, close the browser window / tab that was used for the SAML authentication, but minimally, we need to reword this page so it doesn't confuse users.. Maybe use it as a banner.
This is not the "Global Protect App Welcome Page", that feature is disabled.
Any help would really be appreciated.
05-15-2021 08:05 AM
Sounds like a feature request to me.
You would best contact your PANW SE for them to create a FR ticket.
Good luck!
05-16-2021 10:34 AM
@JakeHarris and after you get a FR ID from your SE, post it here, so others can also vote for it.
08-16-2021 04:50 AM
FR ID: 18254
Let the voting begins!
01-30-2024 04:12 PM
I'd like to vote for this feature request but I couldn't find where to do that.
04-29-2024 03:44 AM
Me too... have you found were to vote or do we need to do this via a Palo Alto SE?
05-02-2024 08:15 AM - edited 05-02-2024 08:15 AM
@JakeHarris wrote:
We're testing upgrading to version 2.5.x and have run into a few changes with the new features.
We enabled "Use Default Browser for SAML Authentication", because you know ie, is going away. After doing this, each time our end user authenticates, they receive an "Authentication Complete" Page, with a cryptic message about opening Global Protect and a link that doesn't work. It comes from https://<VPNGatewayFQDN>/SAML20/SP/ACS
I've searched through documentation and can't seem to find anything about it, nor is it present as a response page you can customize.
Ideally we'd prefer the old behavior, close the browser window / tab that was used for the SAML authentication, but minimally, we need to reword this page so it doesn't confuse users.. Maybe use it as a banner.
This is not the "Global Protect App Welcome Page", that feature is disabled.
Any help would really be appreciated.
(I know this is an old thread)
This isn't going to answer your issue, but you're using "default browser because IE was going away. My company recently ran into this issue.
We use "embedded browser" for SAML auth to Azure AD (Through CIE) for GP. This wasn't working because the Global Protect software called "Webview" which essentially calls the legacy IE integration for browser authentication. Webview/IE doesn't support TLS1.3 so we would intermittently get authention failures to GP because of this incompatibility.
Coming in GP client version 6.0.10, I'm not sure about other client version, the GP software will call "Webview2" which calls the "Edge" version to the OS browser. This call to "Webview2" will support TLS1.3 and will allow the use of the "embedded browser" within the GP client.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
