Palo Alto VPN client fails RADIUS authentication the first time, every time.
As the title suggests, my Palo Alto GlobalProtect client fails authentication the first time every time. If done back to back, the client successfully authenticates. From all of the logs, it appears that the Okta RADIUS agent is denying the first attempt to authenticate.
Any Okta RADIUS/Palo Alto experts out there willing to assist?
My name is Silviu and I am a Technical Support Engineer (Tier II) at Okta. Issues with this kind of recurrence and consistency should be carefully and professionally reviewed, so due to this I recommend you right from the start to open a case with us.
I believe you already consulted the guides here: --> For Palo Alto Global Protect (Integration via SAML 2.0 SSO Protocol): http://saml-doc.okta.com/SAML_Docs/How-to-Configure-SAML-2.0-for-Palo-Alto-Networks-GlobalProtect.html
I opened a ticket after I saw a similar discussion regarding Cisco VPN and RADIUS. For your reference the ticket number is: 00376613 and I'll be doing some more troubleshooting today. I'll update as more information is discovered.