I've just set up a PCS PoC. My authentication server is an Azure SAML IdP and logging into the Pulse web portal is working as intended. The portal forwards the authn request to Azure, where user authentication takes place (including 2FA).
Now I'm trying to get the Pulse client set up and it's using the same realm and authentication as the web access; however, when I connect the client I'm never asked for credentials nor do I receive the Azure 2FA. Upon trying to connect, the client launches a web browser which automatically authenticates to the Pulse web portal, although I never see an Azure login page, and then the client connects.
The access logs indicate that the SAML request is being sent and a response is being received.
I have password saving and Windows credentials login disabled. Any help as to what might be causing this would be great. Thank you much.
Also, I've tried it on multiple devices, rebooted the device and cleared the browser cache, in order to make sure I didn't still have the SAML token. Thanks.
Further oddness is that my VPN rules are based on SAML group claims and appear to be working; however, according to my Azure logs, there are no sign-ins for client connections. There are only sign-in log entries for my web portal logins.
@loosechanges The behavior is as per design. Microsoft uses a PRT (Primary Refresh Token) which is saved on the end user's PC and hence bypasses the credentials.
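To confirm that the silent sign-in described in this reply really is PRT-based single sign-on, a quick check on the affected Windows device is to read the SSO state that `dsregcmd /status` reports. The script below is an added example for this thread, not code from Pulse Secure or Microsoft; it assumes `dsregcmd.exe` is present (Windows 10/11) and parses the `AzureAdJoined`, `AzureAdPrt`, `AzureAdPrtUpdateTime` and `AzureAdPrtExpiryTime` fields from its output.

```powershell
# Added example (not from the thread): report whether this device holds an Azure AD
# Primary Refresh Token (PRT). A device with a PRT will complete the browser-based
# SAML sign-in that the Pulse client triggers without any credential or MFA prompt.
# Assumes dsregcmd.exe exists on the machine (Windows 10/11).
function Get-AzureAdPrtStatus {
    $output = & dsregcmd.exe /status 2>&1
    $fields = @{}
    foreach ($line in $output) {
        # Lines of interest look like "   AzureAdPrt : YES"
        if ($line -match '^\s*(AzureAdJoined|AzureAdPrt|AzureAdPrtUpdateTime|AzureAdPrtExpiryTime)\s*:\s*(.+?)\s*$') {
            $fields[$Matches[1]] = $Matches[2]
        }
    }
    [pscustomobject]@{
        AzureAdJoined = $fields['AzureAdJoined']
        HasPrt        = ($fields['AzureAdPrt'] -eq 'YES')
        PrtUpdated    = $fields['AzureAdPrtUpdateTime']
        PrtExpires    = $fields['AzureAdPrtExpiryTime']
    }
}

$status = Get-AzureAdPrtStatus
$status | Format-List
if ($status.HasPrt) {
    Write-Host "Device holds an Azure AD PRT: browser SAML sign-in will be silent (no prompt, no separate MFA challenge)."
} else {
    Write-Host "No PRT on this device: an interactive Azure sign-in is expected."
}
```

Run it in a normal (non-elevated) PowerShell session as the user who experiences the silent connection; `HasPrt = True` together with a recent `PrtUpdated` timestamp matches the behaviour described above, and a device with `HasPrt = False` is the one to use when you want to see the Azure login page and 2FA prompt for comparison.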