Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Duo two factor authentication challenge message not showing in GP Portal

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Duo two factor authentication challenge message not showing in GP Portal

L0 Member

After migrating to PA-1410 from a PA-3200, the Duo 2-FA challenge message stopped showing up on the GP portal page after the initial AD credentials authentication. The functionality is working fine as the textbox for the 2-FA options shows up and proceeds as usual after the user's input, its just that the Duo login banner text that should show up to the user is missing on the page.

 

The message text should show up as:

" Duo two-factor login for USER

Enter a passcode or select one of the following options:

1. Duo Push to XXX-XXX-XXXX
2. SMS passcodes to XXX-XXX-XXXX

Passcode or option (1-2): "

 

This behavior is only occurring in the GP web portal page (in order to download the GP client), other login pages using the same 2-FA sequence and profile (i.e. Admin UI, GP client) display the login message correctly with no issues.

 

I checked the authd.log for differences in logs between the GP portal attempts and the Admin web UI attempts and both are fairly similar, and I am able to see the challenge RADIUS requests and responses (including the banner message received by the firewall)

 

Did anyone experience a similar issue while using Duo/other 2-FA solutions before?

2 REPLIES 2

L3 Networker

Running into similar issue. Can any one help or suggest what could be the issue here?

L3 Networker

Can somebody confirm if this is similar to what we are running into here?

PAN-OS 11.0.4 Addressed Issues: PAN-213011

  • 1127 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!