Prisma Access Gateway Authentication Failed using OKTA-SAML with message "Okta 400 Bad Request"

Created On 07/28/22 05:16 AM - Last Modified 07/30/24 01:36 AM


Symptom


  • Prisma Access portal authentication succeeds using Okta SAML.
  • Gateway authentication, however, fails with the error "OKTA 400 Bad Request".


Environment


  • Prisma Access
  • GlobalProtect
  • Supported versions.


Cause


There are two potential Okta configuration issues:
  1. If the "Palo Alto Networks - Prisma Access" app is used, the unique Gateway ID may be incorrectly configured.
  2. If a custom SAML 2.0 application is used, the full list of gateways is not included in the "Requestable SSO URLs" field.


Resolution


 
  1. Refer to step 2 of "SAML Authentication Using Okta as IdP for Mobile Users" to modify the Unique Gateway ID.
  2. Refer to step 3-2 of "SAML Authentication Using Okta as IdP for Mobile Users" to add all gateways to the "Requestable SSO URLs" field.
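
To confirm the second cause before editing the Okta app, the following added example (not code from Palo Alto Networks or Okta) decodes the SAMLRequest sent during a failing gateway login and checks its AssertionConsumerServiceURL against the app's "Requestable SSO URLs". The host names, the ACS path, the helper names and the exact-string comparison are assumptions made for illustration, and the sample requests are constructed.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import unquote

SAMLP = "{urn:oasis:names:tc:SAML:2.0:protocol}"

def decode_authn_request(saml_request):
    """Decode a SAMLRequest value captured from your own failing gateway login."""
    raw = base64.b64decode(unquote(saml_request))      # tolerate URL-encoded captures
    if raw[:1] == b"<":
        return raw.decode("utf-8")                     # HTTP-POST binding: base64 only
    return zlib.decompress(raw, -15).decode("utf-8")   # HTTP-Redirect binding: raw DEFLATE

def acs_url(authn_request_xml):
    """Return the AssertionConsumerServiceURL the gateway asked the IdP to post back to."""
    root = ET.fromstring(authn_request_xml)
    if root.tag != SAMLP + "AuthnRequest":
        raise ValueError("not a SAML 2.0 AuthnRequest")
    return root.attrib.get("AssertionConsumerServiceURL", "")

def check_request(saml_request, requestable_sso_urls):
    """Return (acs_url, listed). Assumes the IdP compares URLs as exact strings."""
    url = acs_url(decode_authn_request(saml_request))
    return url, url in set(requestable_sso_urls)

def sample_request(acs, redirect=True):
    """Build a constructed AuthnRequest for the demo; not a real capture."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'ID="_constructed" Version="2.0" AssertionConsumerServiceURL="{acs}"/>').encode()
    if redirect:
        c = zlib.compressobj(wbits=-15)
        xml = c.compress(xml) + c.flush()
    return base64.b64encode(xml).decode()

# Constructed values: two gateways, only one listed in the Okta app.
CONFIGURED = ["https://gw-1.example.com:443/SAML20/SP/ACS"]
GATEWAYS = ["https://gw-1.example.com:443/SAML20/SP/ACS",
            "https://gw-2.example.com:443/SAML20/SP/ACS"]

if __name__ == "__main__":
    for gw in GATEWAYS:
        url, listed = check_request(sample_request(gw), CONFIGURED)
        print(("OK      " if listed else "MISSING ") + url)
```

A gateway reported as MISSING is one whose URL still has to be added in step 3-2.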

