we have set up SAML-authentication to azure for our remote clients on our Cluster-XL (R81.10). We wanted to enable single-sign-on, so when the windows-credentials are inserted on windows login mask, the endpoint security client starts and connects with the credentials on the azure active-directory before windows-login runns through.
So far it works, till the client wants to connect. In the status bar the connection continues till "Connecting to site" then after some minutes we get the error "Negotiation with site failed".
On our other client we noticed, that the client connects not until windows login is ready and desktop is shown. Than the client opens itself and the SAML-login runs through correctly.
We found a difference in proxy-configuration on both clients. We use a proxy-skript, that lies on a webserver that is only accessible when vpn-tunnel is running. On the Endpoint Connect Client, we use the "No Proxy"-Setting. On both clients "auto-connect" for the site is enabled and SDL is enabled too.
Is there a "best-practise" for proxy-configuration when using SAML-authentication or can you give us tipps how you use proxy-scripts on SAML-authentication?
Thanks so far and best regards