Yubikey fails when GlobalProtect using SAML authentication

Yubikey fails when GlobalProtect using SAML authentication

12650
Created On 10/11/20 03:09 AM - Last Modified 04/23/24 00:12 AM


Symptom


  • Global Protect using SAML authentication
  • Yubikey used as second factor authentication.
  • SAML Page displays "Security key or biometric authenticator is not supported on this browser. Contact your admin for assistance"
Yubikey Error

Environment


  • GlobalProtect configured with SAML Authentication
  • Yubikey used for second factor authentication.
  • GlobalProtect versions 5.1.x and below
  • Yubikey is already enrolled 

 

Cause


This issue happens when the following conditions are not met.
  • GlobalProtect version must be version 5.2.x or later.
  • Content version must be 8284-6139 or later.
  • PAN-OS versions 10.0.x, 8.1.17, 9.0.11, 9.1.6 and later releases.
Reference:
Features Introduced in GlobalProtect App 5.2
Default Browser for SAML Authentication
 

 

Resolution


  1. Update the GlobalProtect version to 5.2 or later
  2. Upgrade the PAN-OS on Firewall to the supported versions.
  3. Upgrade/Verify the content version if it is not newer than 8284-6139.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HB8lCAG&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail