10-24-2023 08:38 AM
Hi Team.
We would like to introduce Azure AD based authentication at our company for globalprotect connections. Azure AD and CIE integration seems to be OK, as I can login to GP portal with my Azure registered user. However, if I want to connect to the GP vpn with the client, it stuck in "Connecting" phase, even though the authentication seems to be operable in this case as well.
Log files do not tell me too much on the issue, at least I can't find anything what could be relevant. No any errors are logged, only a failed task:
(P2016-T2796)Debug(9512): 10/24/23 14:36:13:167 ----Portal Login starts----
(P2016-T2796)Debug(9515): 10/24/23 14:36:13:167 m_szSavedUserName is
(P2016-T2796)Debug(2442): 10/24/23 14:36:13:167 Failed to open file C:\Users\mkukucska\AppData\Local\Palo Alto Networks\GlobalProtect\PanPUAC_7b5f4a211befe9324aa9a577e857dfcd.dat
(P2016-T2796)Debug(9531): 10/24/23 14:36:13:167 Cas auth
(P2016-T2796)Debug(8724): 10/24/23 14:36:13:167 Return false for saml/cas auth
Globalprotect logs contain only successful portal-prelogin sessions. System logs report cas-client-redirect events, client is redirected to https://cloud-auth.nl.apps.paloaltonetworks.com/auth.
Is this the right place to be redirected? Did not find the option on CIE surface to change this value.
Any hint, what could be the issue?
Thank you,
Mihaly
