This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Ruan_Kotze
MVP Gold
MVP Gold
Monday

VPN SAML Browser Authentication fails after latest Edge / Chrome updates

I have not seen any posts on this, so just a heads up.

If users update to the latest Edge / Chrome / Chromium build they will receive a pop-up asking them to Allow access from your VPN url to the local network. Failing to do so will cause SAML authentication to fail.

VPN.png

 

Microsoft References:

Microsoft Edge release notes for Stable Channel | Microsoft Learn
Control a website’s access to the local network in Microsoft Edge - Microsoft Support
Microsoft Edge Browser Policy Documentation LocalNetworkAccessAllowedForUrls | Microsoft Learn

Edit:
As per links above you can add the sites to the allow list via either GPO or Intune Settings Catalog for Edge.

-Ruan

 

 

 
 

 

2 Replies
bsc
Participant
Tuesday

You can deploy that via GPO

https://learn.microsoft.com/en-us/deployedge/microsoft-edge-browser-policies/localnetworkaccessallow...

We're still working on the fix, I can update details, later.

Workaround: Egde settings => website permissions => all permissions => local network access => add website

something like that, in german, its Datenschutz, Suche und Dienste/Websiteberechtigungen/Alle Berechtigungen/Lokaler Netzwerkzugriff )

#########edit - This is, what we did:

1. Quickfix on all computers that are not reachable by GPO: Go to Edge: 

edge://settings/privacy/sitePermissions/allPermissions/localNetworkAccess

and add your SAML-URL to allowed websites

(there may be way to do that smarter by reg or powershell, we just sent out a onepager with a screenshot)

2. (update MS-Edge ADMX templates from https://www.microsoft.com/de-de/edge/business/download and)

configure your MS-Edge-GPO with your SAML URL:

Administrative Templates/Microsoft Edge/Network settings/LocalNetworkAccessAllowedForUrls

to catch all computers, that are not working remotely.

0 Kudos
Ruan_Kotze
MVP Gold
MVP Gold
Tuesday
In response to bsc

Correct - the GPO and Intune settings to resolve are in the links I posted.  We are pushing the setting using the Intune Settings Catalog for Edge.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events