authentication sequence with LDAP and SAML

L4 Transporter

Hi Community,


I have a requirement to have client authentication in the GlobalProtect portal/gateway use LDAP first and then another profile which is SAML based. The requirement is to authenticate with the SAML profile if LDAP auth fails. But as a SAML profile cannot be added to an authentication sequence, I cannot take advantage of an authentication sequence. Multiple entries in client authentication under portal -> authentication don't seem to be working, as it is not trying the next one when the first entry fails. Their document says it is kind of like a security policy, so the order should be from more specific to general (which apparently says the OS type is the differentiator and it will not try the next entry once an OS match happens). But the same document also says "If you need multiple configurations for one OS, you can further distinguish the configurations by your choice of authentication profile", which is very confusing.


If anybody has any workaround or solution for achieving this, it will be helpful.


Thanks in advance!


