Mobile VPN with SSL - SAML login - automatically reconnect can't be enabled

Has anyone found a way to get the WatchGuard Mobile VPN client with SSL version 12.11.x to automatically attempt to reconnect if SAML authentication is in use? Currently the check box for automatically reconnect is cleared and greyed out when SAML is checked. If not, does anyone know if there is a Feature Request on file with WatchGuard for this?

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @Alan_Mercer

    Generally, the client will need to go through the SAML authentication process again, as their token will have expired by the time a reconnect is needed. For something like this to work, you'd need to change the IDP's assertion time to the length of time you want the client to be able to reconnect. From a security standpoint, doing this is a bad idea (and the IDP may not even allow it to be set that long.)

    The SSLVPN client's Auto-reconnect box is intentionally grayed out to indicate that it isn't available in this situation.

    -James Carson
    WatchGuard Customer Support
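The expiry described in the reply above, as an added example (not WatchGuard's code and not part of the original thread): a Python check of a SAML assertion's validity window against a later reconnect time. The assertion, its timestamps, the 60-second skew and the function names are constructed for illustration; how the Firebox or the client evaluates the token is not shown on this page.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

SAML = "urn:oasis:names:tc:SAML:2.0:assertion"

# Constructed sample: issued 09:00 UTC with a 5-minute validity window.
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_constructed-example" Version="2.0"
                IssueInstant="2025-01-01T09:00:00Z">
  <saml:Subject>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2025-01-01T09:05:00Z"/>
    </saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions NotBefore="2025-01-01T08:59:00Z"
                   NotOnOrAfter="2025-01-01T09:05:00Z"/>
</saml:Assertion>
"""

def _ts(value):
    """Parse a SAML UTC timestamp (fractional seconds are dropped)."""
    return datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def assertion_window(xml_text):
    """Return (NotBefore, earliest NotOnOrAfter) found in the assertion."""
    root = ET.fromstring(xml_text)  # constructed input; signature checks are out of scope
    cond = root.find(f"{{{SAML}}}Conditions")
    not_before = None
    if cond is not None and cond.get("NotBefore"):
        not_before = _ts(cond.get("NotBefore"))
    wanted = (f"{{{SAML}}}Conditions", f"{{{SAML}}}SubjectConfirmationData")
    expiries = [_ts(e.get("NotOnOrAfter")) for e in root.iter()
                if e.tag in wanted and e.get("NotOnOrAfter")]
    return not_before, (min(expiries) if expiries else None)

def reusable_at(xml_text, when, skew=timedelta(seconds=60)):
    """True if the assertion would still be inside its window at `when`."""
    not_before, not_on_or_after = assertion_window(xml_text)
    if not_on_or_after is None:
        return False  # no expiry stated: fail closed
    if not_before is not None and when + skew < not_before:
        return False
    return when - skew < not_on_or_after

if __name__ == "__main__":
    for hhmm in ("09:01", "09:06", "13:00"):  # login, just past expiry, later reconnect
        t = _ts(f"2025-01-01T{hhmm}:00Z")
        print(hhmm, "reusable" if reusable_at(SAMPLE_ASSERTION, t) else "expired")
```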

  • This issue has mostly been corrected since upgrading to the 12.11.3 SSLVPN client; however, buyer beware: as of yesterday's Microsoft upgrade of Edge to 139.0.3405.86, we have increasing numbers of users who can no longer log in to the SSL VPN using SAML at all, and rolling back to Active Directory has failed so far. Also see: https://github.com/MicrosoftEdge/WebView2Feedback/issues/5337
