I want to ask: does the native Linux client (version 5.2) support SAML auth with Microsoft as an identity provider?
I tried it on Ubuntu 18, 20 and CentOS 7. The native client could not pass server certificate validation. The other client returns false after hitting the SAML20/SP/ACS URL.
The documentation only mentions this limitation for Ubuntu OS. So, you should not have problems at least with CentOS, since Fedora is not a supported flavor on Global Protect.
There's a Feature Request for Linux Fedora Global Protect support (FR ID: 16103) already submitted.
Yes, I tried both CentOS and Ubuntu (v18-v20). I think this list is general. So nobody mentions that GlobalProtect is working on supported Linux distros with Azure as an identity provider. So do you know what kind of restrictions Ubuntu has? Is it some kind of SSL problem? I'm asking this because I have an "invalid server certificate" error and I think it may be related to the restrictions on all Linux distros.
The restriction seems to be only with Ubuntu. There is a known issue already submitted for that behavior: "GPC-9415 - For the GUI version of the GlobalProtect app for Linux, SAML authentication with Microsoft Azure does not work on Ubuntu 1804 or greater versions".
To work around this, we might need to apply the same workaround suggested for this issue "GPC-11090 - Fixed an issue where, when the GlobalProtect app was installed on Linux, users were not able to authenticate through SAML authentication when Microsoft Azure was used as the identity provider". That was addressed in Global Protect v5.1.6.
They found a workaround to make it work: One Login and Azure on Redhat, Ubuntu and CentOS. If the page is not loading completely, please right-click the sign-in page, select "inspect" and then select "reload" to make it work.
The doc team was asked to consider removing the note I mentioned above, as this may have been fixed. As you are running Global Protect v5.2, these issues/restrictions may already be fixed, and it seems like the limitation(s) was not SSL related. You will want to contact support for the proper Global Protect logs analysis while using Linux distros and SAML authentication.