Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
GlobalProtect SAML authentication with Embedded Browser stuck a... - Knowledge Base - Palo Alto Networks

GlobalProtect SAML authentication with Embedded Browser stuck after updating Adobe Acrobat Reader to version 21.001.20135

33388
Created On 02/12/21 20:49 PM - Last Modified 05/06/22 20:49 PM


Symptom


Adobe Acrobat Reader update - version 21.001.20135 is breaking SAML authentication process and causing GlobalProtect connection to fail. Once user inputs their credentials on the embedded browser, SAML authentication window gets stuck in connecting state and the GlobalProtect App shows an error message (as shown below) regarding an Adobe plug-in.
 
GP error Adobe

Adobe Error

(Note: Error message doesn't popup automatically. User will have to hover over the GP icon on the taskbar to see the error message).
  
   

Environment


  • GlobalProtect App Version: Any
  • Authentication method: SAML
  • Browser used for SAML Authentication: Embedded
  • Adobe Acrobat Reader Version: 21.001.20135
  • OS: Windows Endpoints
Note: This also applies to GlobalProtect clients connecting to Prisma Access.

 

Cause


This issue is NOT caused by GlobalProtect app. Adobe Acrobat Reader's update 21.001.20135 installs Plugins in the browsers. But, this new plugin is not supported by the embedded browser which is used by GlobalProtect App for SAML authentication. As a result, SAML authentication breaks causing GlobalProtect App connection to fail. Other VPN providers are also facing a similar issue. You can see discussions around this on Adobe community in the following links:

https://community.adobe.com/t5/acrobat-reader/bug-version-21-001-20135/td-p/11821802
https://community.adobe.com/t5/acrobat-reader/adobe-acrobat-reader-21-001-20135-preventing-users-to-connect-to-global-protect/td-p/11823885

  

Resolution


Adode has fixed this issue with a hotfix release 21.001.20138. For more details, refer to this link

If you are unable to upgrade Adode Acrobat Reader version to 21.001.20138, you can use the workarounds listed below to resolve this issue.
  1. Downgrade Adobe Acrobat Reader to the previous version. 
  2. Disable Adobe PDF reader Plugin from the IE browser. To do that, go to Internet Explorer and then settings > manage adds-on then choose All Add-ons and choose Adobe PDF Reader and right click on it then click on disable to disable it.
 Disable Adobe PDF reader
  1. Use the Default System Browser (like Chrome, IE, Firefox, etc) for SAML authentication, check this link for more detail. This feature is supported on GlobalProtect App version 5.2.0 or later and PAN-OS 8.1.17, 9.0.11, 9.1.6, and 10.0.0 or later with Content Release version 8284-6139 or later.
 

Additional Information


Contact Palo Alto Networks Support team if you have additional questions.
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 238,455
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000HCsVCAW&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language