GlobalProtect App is Stuck on "You are redirected to an embedded browser to authenticate and connect" or "Retrieving Portal Configuration"
20360
Created On 11/02/23 06:57 AM - Last Modified 06/14/24 21:00 PM
Symptom
- When connecting to Portal, SAML authentication page is displayed properly on the embedded browser.
- However, after successful SAML authentication, GlobalProtect App keeps showing "Connecting...You are redirected to an embedded browser to authenticate and connect."
- If user clicks Refresh Connection, GlobalProtect App continues to display "Connecting... Retrieving portal configuration..." and is stuck on this stage.
- On firewall's GlobalProtect log, portal-auth and portal-getconfig events are observed with success result.
- To be out of this stuck-in-connecting stage, user has to reboot the machine or kill the GlobalProtect App and re-run it.
Environment
- Prisma Access or NGFW.
- SAML authentication.
- Portal App settings are configured as follow,
- Have User Accept Terms Of Use before Creating Tunnel is set to Yes (or checked in cloud managed Prisma Access),
- Welcome page is set to None,
- Use Default Browser for SAML Authentication is set to No.
- GlobalProtect App version 6.x.
- Connect method is on-demand.
Cause
- "Have User Accept Terms Of Use" is set to Yes in the GlobalProtect configuration.
- The terms of Use requires welcome page to be configured.
- This welcome page is not configured and set to "None"
Resolution
- Configure Welcome Page or use the existing Welcome page.
- Setting "No" to "Have User Accept Terms Of Use before Creating Tunnel" will also resolve the issue.
- After changes, "commit" the configuration.
Additional Information
GlobalProtect Welcome Page