Commit failure with Global Protect portal "Auth setting is invalid: no username field is configured in certificate profile"

Commit failure with Global Protect portal "Auth setting is invalid: no username field is configured in certificate profile"

20837
Created On 07/30/21 18:30 PM - Last Modified 09/07/22 22:34 PM


Symptom


  • Commit failure with the error as below:  "auth setting is invalid: no username field is configured in certificate profile."
          User-added image
  • Certificate profile not containing the username field value set.
          User-added image

Environment


  • GlobalProtect Portal Authentication
  • Prisma Access for Mobile users
  • User Credentials + Certificate Authentication

Cause


  • When the GP user authentication is configured using both the User Credentials as well as Client Certificate with the option below, the username field in certificate profile is expected to be set.
            User-added image

Resolution


  1. Configure the Username Field on the certificate profile to either "Subject" or "Subject Alt"
    • Device Certificate Management Certificate Profile > Username 
                 User-added image
  1. Click OK
  2. Commit changes

Additional Information


  • Please check link for Mixed Authentication Method Support for Certificates or User Credentials.
  • Another workaround is to use the authentication profile with option No (User Credentials AND Client Certificate Required)
  • For the above configuration, All the users need to have a certificate otherwise they would not be able to connect
     
 
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000001W0dCAE&lang=en_US%E2%80%A9&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language