GP Agent SAML Authentication Warning: "The name of the security certificate is invalid or does not match the name of the site."

Created On 02/04/20 21:28 PM - Last Modified 02/20/20 17:18 PM


Symptom


Consider the following scenario for GP authentication using Okta SAML as the identity provider:
  • The user selects a valid portal to connect to
  • The user is prompted with a pop-up window and redirected to the appropriate IdP splash screen
  • After entering their credentials, the user is redirected back to the portal but greeted by a certificate warning
  • When accessing the portal from a browser, the user gets a certificate warning splash screen


Environment


  • SAML integration 
  • All GP Agents


Cause


This certificate warning occurs when the common name in the certificate and the base URL used for the SAML redirection do not match.


Note: GP Agent uses IE to display the dialogue box for the user-logon prompt

 


Resolution


To correct this issue, change the base-url to match the common name within the certificate.


After making this change, you should no longer see the warning during logon via the GP Agent/Application.
The certificate should now also show as trusted when accessing the portal from a browser.
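
One way to check a candidate base-url against the portal certificate before changing the configuration, as an added example that is not from the original article or the vendor. The hostnames and certificate below are constructed, and the check goes beyond the common-name comparison described above by also reading SAN DNS entries, which clients use in preference to the common name when present (RFC 2818).

```python
from urllib.parse import urlsplit

def cert_dns_names(cert):
    """Names a client compares against: SAN dNSName entries, else the subject CN."""
    sans = [v.lower() for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v.lower() for rdn in cert.get("subject", ())
            for k, v in rdn if k == "commonName"]

def name_matches(pattern, host):
    """Exact match, or a left-most '*' label standing in for exactly one label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h

def check_base_url(base_url, cert):
    """Return (ok, host, names) for a SAML base URL and a certificate dict."""
    # Accept values entered without a scheme, e.g. "gp.example.com:443".
    url = base_url if "://" in base_url else "//" + base_url
    host = urlsplit(url).hostname or ""
    names = cert_dns_names(cert)
    return any(name_matches(n, host) for n in names), host, names

# Constructed sample, in the dict shape returned by ssl.SSLSocket.getpeercert().
SAMPLE_CERT = {
    "subject": ((("commonName", "gp.example.com"),),),
    "subjectAltName": (("DNS", "gp.example.com"),),
}

if __name__ == "__main__":
    # Constructed base-url candidates: an IP, a different hostname, the cert name.
    for base in ("https://192.0.2.10:443",
                 "https://portal.example.com",
                 "https://gp.example.com:443"):
        ok, host, names = check_base_url(base, SAMPLE_CERT)
        verdict = "match" if ok else "MISMATCH (name warning expected)"
        print(f"{base}: host={host} cert names={names} -> {verdict}")
```

To run it against a live portal, pass the dict returned by `getpeercert()` on a verified TLS connection in place of `SAMPLE_CERT`.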



Additional Information


Note: This error pertains to the warning "The name of the security certificate is invalid or does not match the name of the site" seen in the security alert.


 

