Setup help for Auth0 with Palo Alto Global Protect

Hello All,

Not a SAML expert at all. I’m trying to set up a small Global Protect instance to use Auth0 as an IdP that provides MFA via Google Authenticator for my VPN users. Is anyone aware of a step-by-step tutorial for this? I’ve been able to muddle through and I have my GP firewall redirecting to Auth0 and prompting me for both my username/password as well as my Google Authenticator code, but when I enter the code, the login screen just goes blank and the GP client says “Could not connect to the Authentication server”. Looking at the logs in Auth0, it says that the login is successful. I’m thinking it may have something to do with username mapping but I haven’t been able to figure it out.

Thanks for any input or links to good tutorials.

Hi @elliott.peeler

Welcome to the Auth0 Community!

Please allow me some time for research on this topic and I will be back with some information as soon as possible.

Thank you for your patience!
Gerald

Hi @elliott.peeler

Apologies for the late reply. One of the causes can indeed be incorrect attribute mapping for the username, as you have mentioned. Based on the described behaviour, it can mean that the SP (Global Protect) receives the SAML assertion from Auth0 (IdP); however, it cannot identify the user and then stops the connection.

While we currently do not offer a guide for specifically integrating Global Protect with Auth0, this should still follow general SAML principles and requirements. In the Addons tab within your application page, go to the SAML2 Web App and configure the mapping for the username attribute. Depending on what GP recognises, let’s say they go with “username”, this should be mapped similarly to: “username”: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name”. This way, Auth0 will send an attribute called “username” to the SP that corresponds to the “name” attribute within Auth0.

The following documentation should help to Configure Auth0 as SAML Identity Provider with general steps; adding to this, the Customize SAML Assertions and Map SAML Attributes with Auth0 as IdP/SAML Add-on should help with general Attribute Mapping issues.

This should hopefully fix the issue, but let us know if anything else comes up!

Have a great one,
Gerald
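
An added example, not part of the thread and not Auth0 or Palo Alto code: one way to test the username-mapping hypothesis discussed above is to decode the SAMLResponse that the IdP posts back and check whether the attribute the SP is configured to read as the username is actually present. The expected attribute name `username`, the function names and the sample response are constructed assumptions.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

def summarize_saml_response(b64_response):
    """Return the Subject NameID and every attribute in a base64 SAMLResponse.

    Diagnostic only: signatures and conditions are NOT validated here.
    """
    root = ET.fromstring(base64.b64decode(b64_response))
    name_id = root.find(".//saml:Assertion/saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return {"name_id": name_id.text if name_id is not None else None,
            "attributes": attrs}

def check_username_attribute(b64_response, expected_attr):
    """Report whether the attribute the SP reads as username is present."""
    summary = summarize_saml_response(b64_response)
    values = summary["attributes"].get(expected_attr)
    if values is None:
        present = sorted(summary["attributes"])
        return f"missing: no attribute named {expected_attr!r}; present: {present}"
    if not any(v.strip() for v in values):
        return f"empty: attribute {expected_attr!r} has no value"
    return f"ok: {expected_attr!r} = {values[0]!r}"

# Constructed sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion>
    <saml:Subject><saml:NameID>auth0|constructed-id</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>user@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(check_username_attribute(SAMPLE_B64, "username"))
```

Run against the sample, the check reports `username` as missing and lists the claim URI that was sent instead, which is the kind of mismatch that would leave the SP unable to identify the user.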
