GlobalProtect Pre-Login SAML Webpage Not Loading

cancel
Showing results for 
Search instead for 
Did you mean: 

GlobalProtect Pre-Login SAML Webpage Not Loading

L1 Bithead

Hi everyone, I am hoping someone may have seen this before and may have some guidance.  I have a fully functioning GlobalProtect OnDemand system with LDAP + SAML setup and working well outside of the pre-login.  Once logged in, everything works as expected - the Portal authenticates you with LDAP and then the Gateway pops the webpage (using GP, not default browser) and prompts for SAML.  Pre-login wise if I switch to only LDAP, no SAML, it works great, but I need SAML for my 2FA provider.  The issue is that the browser that GlobalProtect pops does not run the necessary JavaScript to function so SAML is never requested.  It instead errors out on line 0 and the browser just has a spinning wheel on it.

 

I've already added the 2FA provider's domain to first the Trusted Sites and then the Intranet zone and ensured all things scripting are set to run, as it looks like an IE/Internet Options issue.  I've also tried setting GP to use the default browser but none of those seem to do the trick.  I have a ticket in with the vendor (SAASPASS) but I thought I'd check here too because I don't know that this problem is specific to them.  If anyone had any thoughts that would be much appreciated.  Thanks!

 

Script error pops firstScript error pops firstThen the browser pops and spins foreverThen the browser pops and spins forever

4 REPLIES 4

Cyber Elite
Cyber Elite

@rix_jborgen 

 

Which GP version you are running?

Did you test this on Chrome?

 

Regard

 

MP

We're on 5.2.4 which I believe is the latest version at this time.

 

I can't test it on Chrome because as I said this is only a problem with Pre-Login.  Once you're logged into Windows, it works just fine using either the GP Browser or Chrome.  Pre-Login though there's no option for another browser as far as I can tell.  I've tried toggling the Use Default Browser option but it still pops the same built-in GP browser window Pre-Login - I'm guessing because it can't yet read your default browser.

 

@rix_jborgen,

The most recent GlobalProtect agent is 5.2.5, but I don't think an upgrade is going to help you here. Taking that site out of trusted sites (that's not going to be read at the login page anyways) do you actually need to do anything to get the site to function properly. 

@BPry 

 

Thanks, I'll try updating to 5.2.5 anyway.  There's no user interaction required for anything normally.  It just loads itself up and requests login.  I was wondering if anyone else is using this setup and has had success with it?  Or maybe it's just a JavaScript Pre-Login issue?  I wouldn't mind going the Cert route for pre-login instead but as far as I can tell the cert is required whether you're doing pre-login or not, which doesn't bode well for home computers which we have no control over.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!