KB40438 - Host Checker is evaluated twice when using SAML authentication with Pulse Secure Desktop client

This article describes an issue where Host Checker is evaluated within the Pulse Secure Desktop client and evaluated again within the browser window.

When the Pulse Secure Desktop client is used for login to a realm when SAML Auth Server configured, the end user will see the following behavior:

• Connection is initiated from the Pulse Secure desktop client and Host Checker policy is evaluated in the Pulse Secure client.
• After successful completion of Host Checker policy evaluation then a browser window is launched for SAML auth, Host Checker policy is evaluated again.

Currently, this is working as designed.

Currently, the Pulse Secure Desktop client is leveraging the native browser (Internet Explorer for Windows and Safari on macOS) when SAML authentication is configured.  With the current design, this behavior mimics the same behavior if the end user where to login via the web browser where standalone version of Host Checker will be launched instead of the built-in Host Checker in Pulse.

Pulse Secure is looking into design changes how to improve the end user experience in a future release of Pulse Secure Desktop client.  For more information, please reach out to the regional Sales Engineer to further discuss the enhancement request of OSX-7.

KB will be update with further timelines once this information is made available.