04-25-2025 05:46 PM
We recently upgraded firewalls from 10.1 to 11.1. We've stayed on GlobalProtect 6.2.5 and 6.2.8 the entire time.
Before the upgrade, GP would log on automatically after user logon. GP would use SAML authentication and complete without fanfare.
After updating to 11.1, GP starts up, SAML auth to the portal opens a browser which completes SAML, and then says Authentication Complete. GP then completes a connection to a gateway.
How do I get rid of this annoying browser page? This wasn't happening before.
04-28-2025 07:59 AM
@Sally47Mac wrote:
Hello!
The "Authentication Complete" browser page after your firewall upgrade to PAN-OS 11.1 with consistent GlobalProtect versions likely stems from a change in default SAML authentication behavior. Check the "Use Default Browser for SAML Authentication" setting in your GlobalProtect Portal configuration and try toggling it. Also, review your client configuration and consult the PAN-OS 11.1 release notes and Palo Alto Networks Knowledge Base for any relevant changes. Investigating authentication override cookie configurations might also help. As a test, consider upgrading to the latest compatible GlobalProtect client version.
@jonathanb I would agree with @Sally47Mac's recommendation. Based on what you described it's exactly what's been shared. For SAML auth you can either use the GP client itself (embedded browser), which is what you previously had configured, or the OS "Default Browser" which would be the Internet browser the user has set as their native browser.