Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
10-24-2023 08:38 AM
Hi Team.
We would like to introduce Azure AD based authentication at our company for globalprotect connections. Azure AD and CIE integration seems to be OK, as I can login to GP portal with my Azure registered user. However, if I want to connect to the GP vpn with the client, it stuck in "Connecting" phase, even though the authentication seems to be operable in this case as well.
Log files do not tell me too much on the issue, at least I can't find anything what could be relevant. No any errors are logged, only a failed task:
(P2016-T2796)Debug(9512): 10/24/23 14:36:13:167 ----Portal Login starts----
(P2016-T2796)Debug(9515): 10/24/23 14:36:13:167 m_szSavedUserName is
(P2016-T2796)Debug(2442): 10/24/23 14:36:13:167 Failed to open file C:\Users\mkukucska\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_7b5f4a211befe9324aa9a577e857dfcd.dat
(P2016-T2796)Debug(9531): 10/24/23 14:36:13:167 Cas auth
(P2016-T2796)Debug(8724): 10/24/23 14:36:13:167 Return false for saml/cas auth
Globalprotect logs contain only successful portal-prelogin sessions. System logs report cas-client-redirect events, client is redirected to https://cloud-auth.nl.apps.paloaltonetworks.com/auth.
Is this the right place to be redirected? Did not find the option on CIE surface to change this value.
Any hint, what could be the issue?
Thank you,
Mihaly
01-18-2024 10:50 AM
Hi,
We do have the same problem as you. We are also using Azure AD and CIE integration. Connection works sometimes some and doesn't for others, kind of random. Stuck at the connecting stage. Couldn't find anything revelant in PANgps logs. We had a case open for more a year and nothing came out of it. Any clues?
01-18-2024 11:55 PM
HI,
My problem has been solved by enabled "Generage cookie for authentication override" and "Accept cookie for authentication override" under Portals>Agent>Configs>Authentication and enabled "Accept cookie for authentication override" under Gateways>Agent>Client settings>Configs>Authentication override. Hope this helps for you as well.
01-19-2024 06:39 AM
Thanks for the quick response Mkukucska. Setting have been applied like you suggested. I'll update the thread in a couple of days with the results.
07-24-2024 12:00 PM
What was the output ?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
