08-06-2024 08:20 AM
Hello,
I have integrated Authentic ID with GlobalProtect as the Identity Provider (IDP), but the username and password fields are not appearing for authentication. Have you encountered a similar issue, or do you have any suggestions on how to resolve it?
Thanks in advance.
08-06-2024 12:25 PM
Hi @hamza_d ,
What version of GlobalProtect are you using?
When using SAML authentication, the username and password login form is provided by the IdP. GlobalProtect just acts as a simple web browser that displays the content provided by the IdP.
As described here, the GlobalProtect embedded browser was recently upgraded to use a newer framework - https://docs.paloaltonetworks.com/globalprotect/6-2/globalprotect-app-release-notes/features-introdu...
I am wondering if the IdP is having issues with the framework used by GlobalProtect.
As a workaround, you may try to switch to "default browser". This will tell GlobalProtect to use the web browser that is set as default for the OS.
08-07-2024 08:30 AM
After restarting the GlobalProtect service on my Windows machine, GlobalProtect started redirecting to the default browser for authentication via IDP. However, I am now experiencing authentication failures, even though the IDP logs show successful authentication.
Thanks.
08-09-2024 08:39 AM
Hi @hamza_d ,
Remember that under the hood GlobalProtect is performing two authentications: first it authenticates and connects to the GP Portal, then it authenticates and connects to the GP Gateway. By default, the GP client will try to reuse the credentials you use for the portal to authenticate you to the gateway. With SAML this is not possible.
Try searching through the forum; there should be multiple similar questions explaining that the workaround would be to set the GP Portal to create an authentication cookie, valid for 1 min, and set the GP Gateway to accept the authentication cookie. This way, when a user is connecting with the GP client, he will be authenticated with SAML against the portal. The portal will give the client a cookie, which it will use to authenticate to the GP Gateway.
You should still keep the SAML authentication on the portal, in case the GP client skips the portal connection (when using the last known good cached config).