Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Kerberos SSO with Globalprotect and User-Logon

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Kerberos SSO with Globalprotect and User-Logon

L4 Transporter

Hi Community,

 

I have a strange problem with Kerberos SSO and Globalprotect 4.0.7:

I set up Kerberos SSO and the SSO is working.

If you connect to the Globalprotect-Portal via browser, you directly get a Kerberos ticket and the SSO works.

 

If you logout from Windows 10 and you login again, you have a Kerberos-Ticket assigned, but the global protect client doesn't automatically connect to the portal. The form data are already filled up with portal address and username - but the user-id is only shown on the PA, after manually clicking to connect.

 

Does anybody has an idea what the reason for this behavior might be?

Can anyone confirm, that my planned setup is working in general: User logs in to Windows, Global Protect automatically connects via Kerberos SSO with the internal gateway?

 

I'm looking forward to your feedback.

Best Regards
Chacko
1 REPLY 1

L4 Transporter

Hi,

I have an update regarding this issue: 
For user identification, the DC server monitor was in use as well.
The SSO with kerberos works, but instantly after the login, the security log is read and the user-id entry gets overwritten.

 

I checked that by "show user ip-user-mapping all" and after the logon, the type was AD, not GP.

It seems we are to slow - anyway I would be happy if someone could confirm my finding.

 

Best Regards

Johannes

Best Regards
Chacko
  • 2305 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!