Shibb for Global Protect VPN?

Mak, Steve makst at
Thu Jan 21 20:43:13 UTC 2021

We found that we couldn't use ShibSP, but the GlobalProtect server could be configured for SAML using its own built-in SAML implementation and internal browser (that is not great)

From: users <users-bounces at> on behalf of IAM David Bantz <dabantz at>
Reply-To: Shib Users <Users at>
Date: Thursday, January 21, 2021 at 14:42
To: "Users at" <Users at>
Subject: Shibb for Global Protect VPN?

UAlaska has deployed VPN access using Global Protect. If I understand correctly, VPNs are (or can be) initiated in a web portal. If so, seems one could protect that web page with Shibb and thus have a valid SSO session immediately upon establishment of VPN connection (at least if IP address consistency is not enforced). I’ve been asked about that scenario by alert users. Has anyone tried that and willing to share experience? Or perhaps disabuse me of its feasibility?

David St. Pierre Bant
UAlaska IAM
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the users mailing list