Microsoft SAML authentication does not prompt for credentials after cookie expiration with GlobalProtect
Created On 01/31/23 09:00 AM - Last Modified 03/28/25 20:57 PM
Symptom
Users are not prompted for a username and password when the authentication cookie has expired.
Environment
- GlobalProtect App
- Prisma Access Mobile Users
- Azure Active Directory
- Microsoft SAML IDP
Cause
- This is caused by the browser caching the credentials when the "Stay Signed in" option is selected.
- With this option selected, once the cookie has expired the GlobalProtect client prompts for SAML authentication, but the browser uses the cached credentials, so end users do not see an authentication prompt.
Resolution
- Depending on which browser is the system default (Edge, Firefox or Chrome), follow the links below to clear the cache:
- To avoid the issue, do not use the "Stay Signed in" option in the browser.