05-11-2022 07:45 AM
Users can't complete authentication to the Global Protect portal with Azure SAML auth. When I go to the portal address in a web browser it redirects me to an Office 365 login, I enter my credentials and MFA code, it sits on a login.microsoftonline.com URL loading and eventually fails with this URL in the address bar: <global-protect-url>/SAML20/SP/ACS. Chrome returns an ERR_EMPTY_RESPONSE, Firefox returns a message saying, "The page you are trying to view cannot be shown because the authenticity of the received data could not be verified."
I followed this documentation for setting up the Azure SAML authentication: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g0000008U48CAE
The user authenticates successfully on the Azure side but the authentication never gets passed back to the firewall.
If I switch the authentication for the portal over to LDAP I can log in. Computers with the Global Protect agent can't connect either, but I switched to troubleshooting in the browser to eliminate the agent version being an issue.