cancel
Showing results for 
Search instead for 
Did you mean: 

Embedded Browser / IE11 Retire / SAML Auth

SOLVED
elevator4
Occasional Contributor

Embedded Browser / IE11 Retire / SAML Auth

Hi All - 

 

I'm curious if others are in a similar situation and can add some clarity.  My org uses Pulse Secure Client on Windows and we enabled the embedded browser so our user base can perform SAML/MFA authentication within the Pulse App.  I think that IE11 is leveraged as the "embedded browser" for the this authentication process to take place within the Pulse App -- is this correct?

With IE11 being retired (June 15th), I am concerned that the authentication process may break.  I see KB45094 shares a solution to upgrade to PDC 9.1R15 and add some reg keys to utilize the Edge browser -- is this for the embedded browser as well?  I don't want to rush a new Client deployment if it's not needed, but certainly will if I have to keep things operational (we would have to do this via SCCM).  I do have a support ticket open to get answers too, but wanted to get the community's take on this as well.

 

I have tested on 2 machines the GPO setting to "Disable Internet Explorer 11 as a standalone browser" -- with that applied, I am still able to authenticate through the Pulse Client, however, I'm not confident this replicates what will happen when Internet Explorer 11 is retired.  Pulse Client doesn't really use IE11 as a standalone browser, since it's embedded, but I'm no expert on the technicalities of this GPO and how Pulse embedded browser works.

 

At any rate, I'll stop rambling and hopefully will get some thoughts from others.  Appreciate any insights!

1 ACCEPTED SOLUTION

Accepted Solutions
zanyterp
Moderator

Re: Embedded Browser / IE11 Retire / SAML Auth

yes, you are correct that the embedded browser is currently using an IE11 stub. as such, we do not expect failure to happen once this is removed/marked as retired by microsoft
no, the registry changes are not for the embedded browser; that will only be for sites using the external browser for saml login through the pulse client
as far as what will happen? it depends on your idp: if it still allows ie11, nothing should change; if it prevents ie11 access, login will fail

View solution in original post

3 REPLIES 3
zanyterp
Moderator

Re: Embedded Browser / IE11 Retire / SAML Auth

yes, you are correct that the embedded browser is currently using an IE11 stub. as such, we do not expect failure to happen once this is removed/marked as retired by microsoft
no, the registry changes are not for the embedded browser; that will only be for sites using the external browser for saml login through the pulse client
as far as what will happen? it depends on your idp: if it still allows ie11, nothing should change; if it prevents ie11 access, login will fail
elevator4
Occasional Contributor

Re: Embedded Browser / IE11 Retire / SAML Auth

Thanks a bunch zanyterp, much appreciated!  I feel good about where we stand currently, but will definitely be looking to deploy a newer Pulse Client in the coming weeks to reduce IE11 dependency (even if it is embedded).

 

Thanks again!

zanyterp
Moderator

Re: Embedded Browser / IE11 Retire / SAML Auth

you are welcome; hopefully all goes well with your idp until we are able to get a new client out that uses edge as the rendering engine