Not a SAML expert at all. I’m trying to set up a small Global Protect instance to use Auth0 as an IdP that provides MFA via Google Authenticator for my VPN users. Is anyone aware of a step-by-step tutorial for this? I’ve been able to muddle through, and I have my GP firewall redirecting to Auth0 and prompting me for both my username/password and my Google Authenticator code, but when I enter the code, the login screen just goes blank and the GP client says “Could not connect to the Authentication server”. Looking at the logs in Auth0, it says that the login is successful. I’m thinking it may have something to do with username mapping, but I haven’t been able to figure it out.
Apologies for the late reply. One of the causes can indeed be incorrect attribute mapping for the username, as you have mentioned. Based on the described behaviour, it can mean that the SP (Global Protect) receives the SAML assertion from Auth0 (IdP), but it cannot identify the user and then stops the connection.
While we currently do not offer a guide for specifically integrating Global Protect with Auth0, this should still follow general SAML principles and requirements. In the Addons tab within your application page, go to the SAML2 Web App and configure the mapping for the username attribute. Depending on what GP recognises, let’s say they go with "username", this should be mapped similarly to: “username”: “http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name”. This way, Auth0 will send an attribute called "username" to the SP, which corresponds to the "name" attribute within Auth0.
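The quickest way to confirm the "SP receives the assertion but cannot identify the user" theory is to look at exactly what attributes and NameID the IdP actually sends. The following script is an added example, not code from the original post, from Auth0 or from Palo Alto: it decodes the base64 SAMLResponse that the browser POSTs to the firewall's ACS URL (copy it from the browser's developer tools on the failing login) and lists the NameID, the attribute names and values, and whichever expected attribute names are missing. The sample response embedded below is constructed for the example and is not a real Auth0 response; the tenant name, user id and attribute values are placeholders.

```python
import base64
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

# XML namespaces used in SAML 2.0 responses and assertions.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Constructed sample: a minimal, unsigned SAML Response of the shape an IdP
# POSTs to an SP's ACS URL. Issuer, NameID and attribute values are placeholders.
SAMPLE_RESPONSE_XML = """<?xml version="1.0"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_resp1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
  <saml:Issuer>urn:example-tenant.auth0.com</saml:Issuer>
  <samlp:Status>
    <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
  </samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2020-01-01T00:00:00Z">
    <saml:Issuer>urn:example-tenant.auth0.com</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">auth0|abc123</saml:NameID>
    </saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
        <saml:AttributeValue>alice</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""
# What the browser would carry in the SAMLResponse form field (HTTP-POST binding).
SAMPLE_RESPONSE_B64 = base64.b64encode(SAMPLE_RESPONSE_XML.encode()).decode()


def decode_saml_response(saml_response_b64: str) -> ET.Element:
    """Base64-decode the SAMLResponse form field and parse it to an XML root."""
    return ET.fromstring(base64.b64decode(saml_response_b64))


def status_ok(root: ET.Element) -> bool:
    """True when the top-level StatusCode says the IdP considers the login successful."""
    code = root.find("samlp:Status/samlp:StatusCode", NS)
    return code is not None and code.get("Value") == SUCCESS


def name_id(root: ET.Element) -> Optional[str]:
    """The Subject NameID, which many SPs use as the username if no attribute is configured."""
    el = root.find(".//saml:Subject/saml:NameID", NS)
    return el.text if el is not None else None


def attributes(root: ET.Element) -> Dict[str, List[str]]:
    """Map of attribute Name -> list of values, exactly as sent (names are case-sensitive)."""
    out: Dict[str, List[str]] = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        out[attr.get("Name", "")] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return out


def missing_attributes(root: ET.Element, expected: List[str]) -> List[str]:
    """Expected attribute names that are absent or empty; compare against what the SP wants."""
    present = attributes(root)
    return [name for name in expected if not present.get(name)]


if __name__ == "__main__":
    r = decode_saml_response(SAMPLE_RESPONSE_B64)
    print("status ok:", status_ok(r))
    print("NameID:", name_id(r))
    for n, v in attributes(r).items():
        print("attribute:", n, "=", v)
    # Assumption: the SP is configured to look for a plain attribute named "username".
    print("missing:", missing_attributes(r, ["username"]))
```

Run it on the real response and compare the printed attribute names with the attribute name the firewall's SAML profile is configured to read for the username; a mismatch such as the SP wanting `username` while the IdP sends only the full `claims/name` URI (or vice versa) produces exactly the "login succeeded at the IdP, client fails" symptom. This is a diagnostic for a response you captured from your own browser: it does not validate the signature, conditions or audience, so never use it in place of a proper SAML library on the SP side, and parse XML from untrusted sources with a hardened parser rather than the stdlib one.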