02-01-2021 10:01 AM
Hi everyone, I am hoping someone may have seen this before and may have some guidance. I have a fully functioning GlobalProtect OnDemand system with LDAP + SAML setup and working well outside of the pre-login. Once logged in, everything works as expected - the Portal authenticates you with LDAP and then the Gateway pops the webpage (using GP, not default browser) and prompts for SAML. Pre-login wise if I switch to only LDAP, no SAML, it works great, but I need SAML for my 2FA provider. The issue is that the browser that GlobalProtect pops does not run the necessary JavaScript to function so SAML is never requested. It instead errors out on line 0 and the browser just has a spinning wheel on it.
I've already added the 2FA provider's domain to first the Trusted Sites and then the Intranet zone and ensured all things scripting are set to run, as it looks like an IE/Internet Options issue. I've also tried setting GP to use the default browser but none of those seem to do the trick. I have a ticket in with the vendor (SAASPASS) but I thought I'd check here too because I don't know that this problem is specific to them. If anyone had any thoughts that would be much appreciated. Thanks!
02-01-2021 09:52 PM
Which GP version are you running?
Did you test this on Chrome?
Regards
02-02-2021 06:54 AM
We're on 5.2.4 which I believe is the latest version at this time.
I can't test it on Chrome because as I said this is only a problem with Pre-Login. Once you're logged into Windows, it works just fine using either the GP Browser or Chrome. Pre-Login though there's no option for another browser as far as I can tell. I've tried toggling the Use Default Browser option but it still pops the same built-in GP browser window Pre-Login - I'm guessing because it can't yet read your default browser.
😞
02-02-2021 07:02 AM
The most recent GlobalProtect agent is 5.2.5, but I don't think an upgrade is going to help you here. Taking that site out of trusted sites (that's not going to be read at the login page anyways), do you actually need to do anything to get the site to function properly?
02-02-2021 07:07 AM
Thanks, I'll try updating to 5.2.5 anyway. There's no user interaction required for anything normally. It just loads itself up and requests login. I was wondering if anyone else is using this setup and has had success with it? Or maybe it's just a JavaScript Pre-Login issue? I wouldn't mind going the Cert route for pre-login instead but as far as I can tell the cert is required whether you're doing pre-login or not, which doesn't bode well for home computers which we have no control over.
06-08-2022 06:23 AM
I am having the same issue. Is this Pre-login screen issue resolved after upgrade?
06-08-2022 06:41 AM
So your issue doesn't look like it is Pre-Logon. You're already logged into Windows so whatever is going on with you seems to be Post-Logon. I spent the time and went the Certificate route for Pre-Logon anyway and it was definitely worth the time and investment. Getting things working properly with your internal CA was the most difficult part but it works really well. I'd recommend upgrading if you haven't. There have been a ton of fixes since 5.2.5.
06-08-2022 06:58 AM