Error:
An unexpected error occurred. Please click Reload to try again.
Error:
An unexpected error occurred. Please click Reload to try again.
SAML With GlobalProtect Application Doesn't Prompt For Selectio... - Knowledge Base - Palo Alto Networks

SAML With GlobalProtect Application Doesn't Prompt For Selection Of Second Factor Authentication

17682
Created On 03/06/20 18:22 PM - Last Modified 07/21/20 20:30 PM


Symptom


  • Users are prompted for second factor using SAML from a browser window, but not from the GlobalProtect agent.
  • User tries to connect GlobalProtect using GlobalProtect Agent application, it sees a SAML login page for secure authentication.
  • After providing login credentials user's must be prompted for selection of second factor authentication.
  • Example: receiving pass code via phone or email for second factor authentication.

Environment


  • Global Protect
  • Any current PAN-OS
  • Client device with GP Agent installed

Cause


  • The IDP's server login page does not count browsers rather than standard ones, based on their user agent string.
  • For GlobalProtect, browser's user-agent string is "Pan GlobalProtect" and "GlobalProtect Mac GP Client" which will be recognized by the IDP login page.

Resolution


Update the login page to take into account user agent (just search for "GlobalProtect" in the user-agent string.)

 
Other users also viewed:
How to download GlobalProtect from the Customer Support Portal
Download and Install the GlobalProtect App for Windows
Resource List: GlobalProtect Configuring and Troubleshooting
PAN-OS Software Updates
Where to find the current preferred software versions? (PAN-OS, GlobalProtect, User-ID Agent, Plugins)
Results 1-5 of 239,884
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/kCSArticleDetail?id=kA10g000000POxo&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FkCSArticleDetail

Choose Language