04-07-2020 09:29 AM
Hello.
I have a GP portal set up and working with a published app for VMware Horizon. Authentication to the portal is set up with Duo MFA and works as designed. The issue is that I would like to reduce the number of authentications after the user logs in to the portal. When a user clicks on the Horizon client HTML5 link, it opens the app page and presents another login. Our users must enter their username and password again to use the application. Is there a way to pass credentials from the Portal to the Horizon app without asking for re-authentication?
04-07-2020 09:35 AM
Hi Jesse,
Some clarification here: Have you set up the clientless VPN portal and VMware Horizon as two different Service Provider Applications on the same IdP? Which means users have to log into the clientless VPN portal using SSO creds once and again to the VMware Horizon app. We currently do not support SSO functionality.
Regards,
Varun
04-07-2020 09:41 AM
Hi Varun,
Sorry, I am very new to SAML and SSO with these two systems. The GP Portal is set up to authenticate using a RADIUS profile with Duo MFA that connects to AD. The Horizon system is set up for AD authentication.
Does this info help?
04-07-2020 11:43 AM
Hi Jesse,
No, we do not support SSO in that case.
04-17-2020 05:31 AM
I have the same question.
At the GP Clientless portal we use LDAP authentication.
At the web application we use the same LDAP authentication.
Is it possible somehow to forward the credentials used on the GP Portal to the web application as well?
04-17-2020 09:04 AM
That's not currently supported.
01-20-2021 10:56 AM
I have the same question.
I have some applications configured in clientless VPN and the GP portal is accessible via AD authentication. How can we use SSO with clientless, as users use AD authentication to access those applications?
02-11-2021 03:21 AM
Shame there's no solution to this. I want users to log into clientless vpn once (SAML auth) and then SSO take over so published apps don't also request an authentication page.
07-06-2021 03:02 PM
I do not think this link is the answer to SSO features with Clientless GlobalProtect. This only shows how to set up Okta SAML authentication for GlobalProtect clientless VPN and how to create a bookmark that will allow a workaround for IdP-initiated workflow. What this thread is talking about is allowing you to use SSO between different SP (service provider) applications configured in the same IdP. I have tried this with both Okta and Keycloak. I think the reason this does not work is because the firewall does not receive the session cookies that tell the IdP that it is the same session as the application trying to SSO to. Unfortunately I am not certain why this is a problem but I know that right now it does not work.
08-19-2024 05:44 AM
Did you get any solution as a workaround?