cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Azure SAML double windows to select account

L1 Bithead

Hello everyone,

 

We have configured a new set-up for GlobalProtect which use Auzre SAML authentication and Microsoft Authenticator
It's all working fine with the exception of this weird behavior:

 

- User connect to the portal with SAML authentication

- A window open for the user to select an AD account to use

- User select account

- New window open asking to ack the MS authenticator prompt, user accept.

- Authentication is successful

(So far so good)

- Then a second window asking to select an account appears

- User select the account and is logged in.

 

We want to get rid of that second windows but after scouring all the resources I could find, I can't figure out where this windows is coming from. Assuming it's the gateway.

 

As a test , I removed the authentication on the external gateway, but access is not working at all.
SAML is configured with Single sign-out.

SAML SAML.PNG
User is using GP 5.2.11-10

Palo is 9.1.11-h3

 

Portal is configured to generate a cookie for auth override.

Gateway is configured to accept the cookie.

Certificate to encrypt/decrypt on Portal and Gateway is the same.

Use Default Browser for SAML Authentication in the App config is set to NO

Portal SAML.PNG

Gateway SAML.PNG

 

Did anyone faced the same behavior and manage to have it fixed?
A ticket has been opened, and suggest to Validate Identity Provider Certificate in the SAML server profile. I don't see how it will solve the issue as the authentication is successful.

 

Best regards,
Max

Who Me Too'd this topic