- Access exclusive content
- Connect with peers
- Share your expertise
- Find support resources
01-10-2025 11:17 AM
Hi everyone,
I recently migrated our implementation over to using SAML for our on-demand VPN users, and due to issues with our IDP/auth method and the embedded browser on Windows (namely that we use many smart cards for auth, and the embedded browser/edge view seems to constantly "remember" the wrong cert, which users cannot easily clear), I have the portal configured to use the system default browser for SAML authentication, as well as deploying clients with the the msi flag/plist value to set this on-install. This has been working as-expected so far.
Last night I initiated the first minimum-version update (from 6.2.3 to 6.2.6) since the SAML transition, then came in this morning to a pile of tickets due to many users getting the auto-update and getting reverted back to using the embedded browser and failing to authenticate with their smart cards (issue I mentioned above). Is there any way to have this setting be preserved when the client is updated by the VPN head-end firewall automatically?
01-10-2025 11:38 AM
Two things to check:
1) Do you have the use-default-browser option enabled for client-auth in your Portal/Gateway configuration?
2) Do you have the 'Use Default Browser for SAML Authentication' enabled in your agent app configuration?
It sounds like you don't have the actual app config set to utilize the default browser as part of your client configuration. That would explain why it worked until you pushed out an update where what you set during the install will be overwritten by what's defined in the app configuration.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!