Setting Up SSO In GlobalProtect Clientless VPN Portal App

cancel
Showing results for 
Search instead for 
Did you mean: 

Setting Up SSO In GlobalProtect Clientless VPN Portal App

L0 Member

Hello.

I have a GP portal setup and working with a published app for VMware Horizon. Authentication to the portal is setup with Duo MFA and works as designed. The issue is that I would like to reduce the amount of authentications after the user logs in to the portal. When a user clicks on the the Horizon client HTML5 link, it opens the app page and presents another login. Our users must enter their username and password again to use the application. Is there a way to pass credentials from the Portal to the Horizon app without asking for re-authentication?

8 REPLIES 8

L4 Transporter

Hi Jesse,

 

Some clarification here: Have you setup the clientless VPN portal and VMWare Horizon as two different Service Provider Applications on the same IdP? Which means users have to log into the clientless vpn portal using sso creds once and again to VMware horizon app. We currently do not support SSO functionality.

 

Regards,

Varun

Hi Varun,

 

Sorry I a very new to SAML and SSO with these two systems. The GP Portal is setup to authenticate using a RADIUS profile with Duo MFA that connects to AD. The Horizon system is setup for AD authentication.

 

Does this info help?

HI Jesse,

 

No, we do not support SSO in that case.

I have the same question.

At the GP Clientless portal we use LDAP authendication

At the web application we use the same LDAP authendication

 

It it possible somehow to forward the credentials used on the GP Portal to the web application as well?

That's not currently supported.

@vathreya 

I have the same question.

i have some applications configure in clientless vpn and the GP portal is accessible via AD authentication. how can we use SSO with clientless as users use AD authentication to access those applications?

L0 Member

Shame there's no solution to this. I want users to log into clientless vpn once (SAML auth) and then SSO take over so published apps don't also request an authentication page.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!