Reset Search
 

 

Article

KB43709 - Infinite External Browser Pop-Up Windows are opened and goes into loop when Always-On VPN and SAML Authentication instance is configured

« Go Back

Information

 
Last Modified Date3/29/2018 11:30 AM
Synopsis
This article describes an issue were Infinite External Browser Pop-Up Windows are opened and goes into loop when Always-On VPN and SAML Authentication instance is configured
Problem or Goal
Setup:
- PCS and Pulse desktop client running version below 9.0R1
- SAML Authentication instance is configured and mapped to user realm
- "Always-on Pulse Client" option is enabled for the Pulse connection

In an environment with above setup, when user connect to PCS from Pulse Secure desktop client, SAML IDP page is loaded within External Browser Pop-Up Window. Infinite External Browser Pop-Up Windows are opened and goes into loop.
Cause
When "Always-on Pulse Client" option is enabled, "Allow user to override connection policy" option will be greyed out and disabled.

When there is a connection request from Pulse client, PCS request pulse client to launch external browser to carry the authentication flow.
Once the external browser is opened, no action is pending from pulse. 
Pulse connection manager makes a cancel action call to avoid connection retry and waits for the result of browser.
Cancel action can be done by the connection manager only when "Allow user to override connection policy" option is enabled.
Solution
PCS and Pulse desktop client running version below 9.0R1:

Pulse Client was using external browser to load SAML IDP page. 

In order to resolve this issue, we should have below settings:
- "Always-on Pulse Client" option should be disabled.
- "Allow user to override connection policy" option should be enabled.

Note: When "Lock down this connection" option is enabled, "Lockdown mode exception rules" should be configured to allow outbound traffic from IE to PCS and SAML IDP as in below example :

User-added image


PCS and Pulse desktop client running version 9.0R1 and above:

"Enable embedded browser for authentication" option is available.
When this option is enabled, SAML IDP page is loaded within Pulse Embedded Browser.
When this option is disabled, SAML IDP page is loaded within External Browser Pop-Up Window.

In order to resolve this issue with PCS and Pulse desktop client with PCS OS 9.0R1 and above, we should have below settings:
- "Enable embedded browser for authentication" option should be enabled.
- "Always-on Pulse Client" option can be enabled/disabled.

Tentative ETA for the release of PCS and Pulse desktop client version 9.0R1 is last week of APRIL 2018
Related Links
Attachment 1 
Created BySha Hussian

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255