03-28-2018 10:03 AM - edited 03-28-2018 12:17 PM
Hi Community,
I have a strange problem with Kerberos SSO and GlobalProtect 4.0.7:
I set up Kerberos SSO and the SSO is working.
If you connect to the GlobalProtect portal via browser, you directly get a Kerberos ticket and the SSO works.
If you log out from Windows 10 and log in again, you have a Kerberos ticket assigned, but the GlobalProtect client doesn't automatically connect to the portal. The form data are already filled in with the portal address and username - but the user-id is only shown on the PA after manually clicking to connect.
Does anybody have an idea what the reason for this behavior might be?
Can anyone confirm that my planned setup is working in general: User logs in to Windows, GlobalProtect automatically connects via Kerberos SSO with the internal gateway?
I'm looking forward to your feedback.
04-04-2018 06:08 AM - edited 04-05-2018 01:35 AM
Hi,
I have an update regarding this issue:
For user identification, the DC server monitor was in use as well.
The SSO with Kerberos works, but instantly after the login, the security log is read and the user-id entry gets overwritten.
I checked that by "show user ip-user-mapping all" and after the logon, the type was AD, not GP.
It seems we are too slow - anyway, I would be happy if someone could confirm my finding.
Best Regards
Johannes