02-01-2021 10:01 AM
Hi everyone, I am hoping someone may have seen this before and may have some guidance. I have a fully functioning GlobalProtect OnDemand system with LDAP + SAML set up and working well outside of the pre-login. Once logged in, everything works as expected - the Portal authenticates you with LDAP and then the Gateway pops the webpage (using GP, not default browser) and prompts for SAML. Pre-login-wise, if I switch to only LDAP, no SAML, it works great, but I need SAML for my 2FA provider. The issue is that the browser that GlobalProtect pops does not run the necessary JavaScript to function, so SAML is never requested. It instead errors out on line 0 and the browser just has a spinning wheel on it.
I've already added the 2FA provider's domain to first the Trusted Sites and then the Intranet zone and ensured all things scripting are set to run, as it looks like an IE/Internet Options issue. I've also tried setting GP to use the default browser but none of those seem to do the trick. I have a ticket in with the vendor (SAASPASS) but I thought I'd check here too because I don't know that this problem is specific to them. If anyone had any thoughts that would be much appreciated. Thanks!