globalprotect linux client

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

globalprotect linux client

L1 Bithead

Hello 

I want to ask does native linux client (version 5.2) support saml auth with microsoft as a identity provider?

I tried it on ubuntu 18,20 and centos 7.IThe native client could not pass server certificate validation.Other client returns false after hitting SAML20/SP/ACS url

 

Thanks

6 REPLIES 6

L2 Linker
The GlobalProtect App for Linux now supports Security Assertion Markup Language (SAML). You can authenticate users through SAML authentication in the GUI version and not in the CLI version.
 
Due to restrictions for Microsoft Azure support for Ubuntu operating systems, the GlobalProtect App for Linux does not support SAML when Microsoft Azure is used as the SAML identity provider. 

 

 

Hello,

So what about the others centos,fedora?

The documentation only mentions this limitation for Ubuntu OS. So, you should not have problems at least with CentOS, since Fedora is not a supported flavor on Global Protect.  

 

Ref doc: https://docs.paloaltonetworks.com/compatibility-matrix/globalprotect/where-can-i-install-the-globalp...

 

There's a Feature Request for Linux Fedora Global Protect support (FR ID: 16103) already submitted. 

Hello

Yes I tried both centos and ubuntu (v18-v20) I think this list is general.So nobody mention about that globalprotect is working on supported linux distros with azure as a identity provider..So do you know what kind of restrictions ubuntu has?Is it some kind of SSL problem? I'm asking this because I have "invalid server certificate" error and I think it may related with the restrictions on all Linux distros

The restriction seems to be only with Ubuntu. There is a known issue already submitted for that behavior: "GPC-9415 - For the GUI version of the GlobalProtect app for Linux, SAML authentication with Microsoft Azure does not work on Ubuntu 1804 or greater versions".

 

To work around this, we might need to apply the same workaround suggested for this issue "GPC-11090 - Fixed an issue where, when the GlobalProtect app was installed on Linux, users were not able to authenticate through SAML authentication when Microsoft Azure was used as the identity provider". That was addressed in Global Protect v5.1.6. 


They find out a workaround to make it work: One Login and Azure on Redhat, Ubuntu and CentOS. If the page is not loading completely, please right-click the sign-in page, select "inspect" and then select "reload" to make it work.

 

The doc team was asked to consider removing the note I mentioned above, as this may have been fixed. As you are running Global Protect v5.2, these issues/restrictions may be already fixed, and it seems like the limitation(s) was not SSL related. You will want to contact support for the proper Global Protect logs analysis while using Linux distros and SAML authentication.  

Thank you for reply

I already tested it with 5.2.3

We'll consult to gp support team.We may have another problem.

  • 5624 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!