MFA auth page not presenting instead I see basic Captive Portal web-form login

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

MFA auth page not presenting instead I see basic Captive Portal web-form login

L2 Linker

I have an odd issue where when I get the prompt from Global Protect saying "You have attempted to access a protected resource please click the link to authenticate" I am brought to the basic (not pretty) looking Captive Portal web-form login page and not the nice\fancy MFA login page. Does anyone have any ideas on this?

15 REPLIES 15

L3 Networker

could you Please provide a screen shot of what you are getting?

This is what I am getting......Screen Shot 2018-04-27 at 11.16.31 AM.png

And it should look more like this.....

Screen Shot 2018-04-27 at 5.55.39 AM.png

appears that the CSS /JS in the browser is not loading,

 

could you please press F12 in the broswer and check the console logs if it has any errors?

I've tried that from my MacOS with other browsers, FireFox, Chrome, and Safari all present the same way. Even tired a Windows device with the same browsers, all present the same.

right,

it may not be a browser issue but a network issue, this would become more clear with the console logs.

~HTH

I guess I would not know which log\logs to go and look at from the console.

okay,

 

i have chrome and can help you with that:

 

1) let the page load first

2) press F12

3) it will open a console within the page

4) go to perfomrance tab in it

5) click a circle on top left in that (looks like a red record button)

6) once it starts, reload the page

7) stop once page is loaded

😎 check the event logs that appear after that

9) sort by activity and see if any red errors are there.

 

~HTH

Errors I am seeing are:

Screen Shot 2018-04-27 at 12.07.26 PM copy.png

yep,

 

That is the problem, as you can see the access to jquery and BS(bootstrap) CSS  is not accessible, you would need to modify the html code in order to be able to access these over internet using a CDN.

 

I am not a front end expert, but i might be able to help you with that if its possible for you to share the html code.

 

~HTH

 

 

Just seems strange as I am using the default prebuilt pages. I have not made any modifications.

@zthiel,

 

 

I'm going to assume that you've missed a certain step during the setup process. You can find the documenation HERE

Jist of it is this. 

1) You need to allow a response page to be served from the ingress tunnel interface on the firewall. 

2) You need to enable the Response Page on the interface mgmt profile, and then assign this profile to a tunnel interface. 

3) User-ID needs to be enabled on the zone associated with the tunnel interface. 

4) Verify that you've configured the agent settings correctly.

5) Verify through interzone-default logging that you are not accidently denying traffic that needs to be allowed for this to work properly. 

 

If you are using default profiles for everything there is no reason that you should be having any issues, and it's unlikely (not impossible) that the actual pages are going to be your issue. 

I'll revist the entire config again, on a side note, if I auth into the page everythinf works, correctly. After I sign in (to the basic page) I am brought to the page below, I then get the notifcation on my cell phone from the Duo app, I accept the push\auth on my phone and then the access to the backend server works correctly. So it's working, just not getting the sign-in page as I would expect it to look.Screen Shot 2018-04-27 at 2.11.11 PM.png

Intresting,

 

My assumption is that unless authenticated the firewall's web server is not allowing access to the hosted java script or the CSS,

whic is counter intuitive to the design 😞

 

if you can ask your SE , he may be able to assist if there is an existing issue filed for it.

 

~HTH

  • 6319 Views
  • 15 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!