Linux Global Protect clients are unable to connect using SAML after Prisma Access Dataplane Upgrade

Created On 02/16/22 03:17 AM - Last Modified 07/26/24 01:52 AM


Symptom


  • The Global Protect client on Linux can no longer connect to Prisma Access after the dataplane upgrade.
  • No issues are observed with the Windows or Mac clients.
  • If the authentication method is changed from SAML to anything else, the Linux user can connect.
  • Users were able to connect until the Prisma Access dataplane was upgraded to 10.0.8 or above.
  • The failure is observed at the pre-login stage with the gateway.
  • The error shown to the user is "Gateway UK: The network connection is unreachable or the gateway is unresponsive. Check the network connection and reconnect"


Environment


  • Global Protect client 5.3.1 or below running on supported Linux environment.
  • Prisma Access 2.2 or above with dataplane 10.0.8
  • Authentication method using Security Assertion Markup Language (SAML)


Cause


Software Issue.

Resolution


    1: Upgrade the Global Protect client to version 5.3.2 / 6.0 or above. (Recommended)
        Or
    2: Change the authentication method from SAML to something else.
    3: No changes are required for Mac or Windows clients.
 


Additional Information


  • To isolate the problem further, check the log file PanGPS.log.
  • The file is included in the Global Protect log bundle. Refer to the article below for help on how to generate the Global Protect logs file.
  • Dataplane Upgrade Overview provides information on how the dataplane upgrade works.

Sample PanGPS.log output from a failing gateway pre-login:
:577 Debug(3458): ----Gateway Pre-login starts----
:834 Error(1026): pan_process_responder returns NULL!
:835 Debug( 230): Error querying OCSP responder
:835 Error( 278): Failed to query OCSP responsder
:835 Error( 295): [OCSP] The result of Certificate status query is unavailable. 
:835 Debug(1393): ocsp parse result=-1, status=3
:835 Info (1421): pan_ocsp_parse_response() failed
:856 Debug( 288): certIssuer=(null)
:856 Debug( 788): SSL connecting to 137.83.209.110
:988 Debug( 931): SSL_read() no data, closed. error=error:00000005:lib(0):func(0):DH lib.  
:989 Debug(3851): Failed to pre-login to the gateway gb-customer.gw.gpcloudservice.com
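
To check a collected PanGPS.log for the same pattern, the following added example (not Palo Alto Networks code) splits the log into gateway pre-login attempts and flags the ones that show the OCSP, SSL_read and pre-login failure messages from the excerpt above. The function names are hypothetical, the first sample attempt is the article's excerpt, and the second is constructed.

```python
import re
import sys

# Message fragments copied from the PanGPS.log excerpt in this article.
PRELOGIN_START = "----Gateway Pre-login starts----"
MARKERS = {
    "ocsp_unavailable": re.compile(r"\[OCSP\] The result of Certificate status query is unavailable"),
    "tls_closed_dh": re.compile(r"SSL_read\(\) no data, closed\..*DH lib"),
}
PRELOGIN_FAILED = re.compile(r"Failed to pre-login to the gateway (\S+)")

# Attempt 1 is the article's excerpt; attempt 2 (last two lines) is constructed.
SAMPLE_LOG = """\
:577 Debug(3458): ----Gateway Pre-login starts----
:834 Error(1026): pan_process_responder returns NULL!
:835 Debug( 230): Error querying OCSP responder
:835 Error( 278): Failed to query OCSP responsder
:835 Error( 295): [OCSP] The result of Certificate status query is unavailable.
:835 Debug(1393): ocsp parse result=-1, status=3
:835 Info (1421): pan_ocsp_parse_response() failed
:856 Debug( 288): certIssuer=(null)
:856 Debug( 788): SSL connecting to 137.83.209.110
:988 Debug( 931): SSL_read() no data, closed. error=error:00000005:lib(0):func(0):DH lib.
:989 Debug(3851): Failed to pre-login to the gateway gb-customer.gw.gpcloudservice.com
:102 Debug(3458): ----Gateway Pre-login starts----
:130 Debug( 788): SSL connecting to 192.0.2.10
""".splitlines()

def scan_prelogin_attempts(lines):
    """Group lines by pre-login attempt and record which markers each one shows."""
    attempts, current = [], None
    for line in lines:
        if PRELOGIN_START in line:
            current = {"gateway": None, "failed": False, **dict.fromkeys(MARKERS, False)}
            attempts.append(current)
        elif current is not None:  # lines before the first pre-login are ignored
            for name, pattern in MARKERS.items():
                current[name] = current[name] or bool(pattern.search(line))
            m = PRELOGIN_FAILED.search(line)
            if m:
                current["failed"], current["gateway"] = True, m.group(1)
    return attempts

def matches_article_signature(attempt):
    """True only when every failure message from the article's excerpt is present."""
    return all(attempt[k] for k in ("failed", "ocsp_unavailable", "tls_closed_dh"))

if __name__ == "__main__":
    src = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for n, a in enumerate(scan_prelogin_attempts(src), 1):
        print(n, a["gateway"], "MATCH" if matches_article_signature(a) else "no match")
```

The patterns match on the message text only, so they work whether or not the log lines carry a full timestamp prefix.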

