SecureAuth IdP Version Affected: All
Description: When navigating the authentication process, certain embedded browsers will generate an error when trying to navigate the pages. For example, in the Palo Alto Global Protect agent, when you try to go "back" in the process, you get an error like below:
When you search for the exact error, like "__doPostBack is undefined", you find that it is because the browser is unsupported.
Cause: Some of the embedded browsers are not identifiable by .NET Framework, so by default the functional level of contents rendered for them by IIS are down-leveled. Doing so causes advanced features like javascript to be disabled.
Resolution: Follow the steps below to manually identify the embedded browser within the realm. Below we use Palo Alto Global Protect as an example, so you will need to determine the browser name that is embedded, and replace the name below:
1. create D:\SecureAuth\SecureAuthXX\App_Browsers
2. in the folder, create a file called GlobalProtect.browser with the following content:
<browsers>
<browser id="GlobalProtect" parentID="Default">
<identification>
<userAgent match="GlobalProtect" />
</identification>
<capabilities>
<capability name="ecmascriptversion" value="3.0" />
</capabilities>
</browser>
</browsers>
This tells asp.net that the Global Protect embedded browser supports EcmaScript v.3. There may be other <capabilities> that are needed/desired, so additional testing may be required.
Special Considerations (optional as needed): see http://msdn.microsoft.com/en-us/library/ms228122(v=vs.100).aspx for more info.
SecureAuth Knowledge Base Articles provide information based on specific use cases and may not apply to all appliances or configurations. Be advised that these instructions could cause harm to the environment if not followed correctly or if they do not apply to the current use case.
Customers are responsible for their own due diligence prior to utilizing this information and agree that SecureAuth is not liable for any issues caused by misconfiguration directly or indirectly related to SecureAuth products.
Comments
Please sign in to leave a comment.