SSL VPN 12.11.4 SAML issue

We are experiencing an issue with SAML authentication on our WatchGuard Firewall M290. When users attempt to connect via VPN using SAML, the embedded web view displays the message:
"You have been successfully authenticated."

However, the VPN connection does not proceed automatically. Users are required to manually right-click and select "Refresh" in order for the VPN to hook the SSL client authentication process and complete the connection.

Comments

  • We have the exact same issue. Everything is on v12.11.4.

  • james.carson Moderator, WatchGuard Representative

    We've run into this issue if the account has been signed in via a school/work account via M365.

    There's currently a bug open to fix this, which is FBX-30414. Some research has shown that a conditional access policy may need to be added inside Entra.

    -James Carson
    WatchGuard Customer Support

  • james.carson Moderator, WatchGuard Representative

    Please see the proposed workaround here:

    @Dave_Daniels said:
    Hi @sega2k6 and @BetterInvesting,

    Can you try this possible workaround?

    On Entra:
    1. Create a conditional access policy.
    2. On the Users, add the user you are testing with that is having the issue. (Later you can add the full sslvpn group if it works for you.)
    3. On Target resources, add the sslvpn application that was created for the SAML integration.
    4. On Session, set the sign-in frequency to Every time.
    5. Set policy to ON position.
    6. Click Create.

    Wait for about 30 mins for Entra to apply the changes. There seems to be a delay on this.

    Then test. Does this allow your user to manually sign into the mini SAML browser now?

    -James Carson
    WatchGuard Customer Support
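
The conditional access policy from the workaround above, written with the Microsoft Graph PowerShell SDK so it can be reviewed and re-created consistently. This is an added example, not code from the thread or from WatchGuard; the user principal name, the application display name and the policy display name are placeholder assumptions to replace with your own values.

```powershell
# Added example. Requires the Microsoft.Graph PowerShell SDK and an account
# allowed to manage conditional access policies in the tenant.
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All',
                        'Application.Read.All','User.Read.All'

# Placeholders (assumptions, not values from the thread).
$testUserUpn = 'test.user@example.com'   # the user who has the issue
$appName     = 'sslvpn'                  # enterprise app created for the SAML integration
$policyName  = 'SSLVPN SAML - sign-in frequency every time'

# Resolve the test user and the SAML application to their IDs.
$user = Get-MgUser -UserId $testUserUpn
$sp   = @(Get-MgServicePrincipal -Filter "displayName eq '$appName'")
if ($sp.Count -ne 1) {
    throw "Expected exactly one enterprise application named '$appName', found $($sp.Count)."
}

# Users: the test user only. Target resources: the sslvpn application.
# Session: sign-in frequency "Every time". State: On.
$policy = @{
    displayName = $policyName
    state       = 'enabled'
    conditions  = @{
        clientAppTypes = @('all')
        users          = @{ includeUsers = @($user.Id) }
        applications   = @{ includeApplications = @($sp[0].AppId) }
    }
    sessionControls = @{
        signInFrequency = @{
            isEnabled          = $true
            frequencyInterval  = 'everyTime'
            authenticationType = 'primaryAndSecondaryAuthentication'
        }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy

# Read the policy back to confirm the scope before testing the VPN client.
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id |
    Select-Object DisplayName, State,
        @{ n = 'Users';     e = { $_.Conditions.Users.IncludeUsers -join ',' } },
        @{ n = 'Apps';      e = { $_.Conditions.Applications.IncludeApplications -join ',' } },
        @{ n = 'Frequency'; e = { $_.SessionControls.SignInFrequency.FrequencyInterval } }
```

The readback should list a single user and a single application; a wider scope means the policy forces reauthentication for more sign-ins than the test calls for.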
