Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Globalprotect login stuck in "Connecting" phase after successful authentication via Azure AD - CIE

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Globalprotect login stuck in "Connecting" phase after successful authentication via Azure AD - CIE

L1 Bithead

Hi Team. 

We would like to introduce Azure AD based authentication at our company for globalprotect connections. Azure AD and CIE integration seems to be OK, as I can login to GP portal with my Azure registered user. However, if I want to connect to the GP vpn with the client, it stuck in "Connecting" phase, even though the authentication seems to be operable in this case as well.

Log files do not tell me too much on the issue, at least I can't find anything what could be relevant. No any errors are logged, only a failed task:

(P2016-T2796)Debug(9512): 10/24/23 14:36:13:167 ----Portal Login starts----
(P2016-T2796)Debug(9515): 10/24/23 14:36:13:167 m_szSavedUserName is  
(P2016-T2796)Debug(2442): 10/24/23 14:36:13:167 Failed to open file C:\Users\mkukucska\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_7b5f4a211befe9324aa9a577e857dfcd.dat
(P2016-T2796)Debug(9531): 10/24/23 14:36:13:167 Cas auth
(P2016-T2796)Debug(8724): 10/24/23 14:36:13:167 Return false for saml/cas auth

 

Globalprotect logs contain only successful portal-prelogin sessions. System logs report cas-client-redirect events, client is redirected to https://cloud-auth.nl.apps.paloaltonetworks.com/auth.

Is this the right place to be redirected? Did not find the option on CIE surface to change this value.

Any hint, what could be the issue?

 

Thank you,

Mihaly

4 REPLIES 4

L1 Bithead

Hi,

We do have the same problem as you. We are also using Azure AD and CIE integration. Connection works sometimes some and doesn't for others, kind of random. Stuck at the connecting stage.  Couldn't find anything revelant in PANgps logs. We had a case open for more a year and nothing came out of it. Any clues?

Others - “Cybersecurity is becoming the most important security topic of the future – particularly in the age of digitalization.” Me - It is right now!

HI,

 

My problem has been solved by enabled "Generage cookie for authentication override" and "Accept cookie for authentication override" under Portals>Agent>Configs>Authentication and enabled  "Accept cookie for authentication override" under Gateways>Agent>Client settings>Configs>Authentication override. Hope this helps for you as well.

Thanks for the quick response Mkukucska. Setting have been applied like you suggested. I'll update the thread in a couple of days with the results.

Others - “Cybersecurity is becoming the most important security topic of the future – particularly in the age of digitalization.” Me - It is right now!

What was the output ?

  • 2313 Views
  • 4 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!