yuezk/GlobalProtect-openconnect

You do not have permission to perform the requested action

fzakaria opened this issue · 2 comments

Describe the bug
I get the Okta login screen (Yay!) but I'm hit with the below error when I try to log in.

You do not have permission to perform the requested action

Expected behavior
A clear and concise description of what you expected to happen.

Screenshots
image

Logs

2024-07-03 16:29:55.825 INFO  [366884] [main@24] GlobalProtect started, version: 1.4.9
2024-07-03 16:29:56.012 INFO  [366884] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2024-07-03 16:29:59.439 INFO  [366884] [GPClient::populateGatewayMenu@133] Populating the Switch Gateway menu...
2024-07-03 16:30:02.143 INFO  [366884] [GPClient::doConnect@238] Start connecting...
2024-07-03 16:30:02.144 INFO  [366884] [GPClient::doConnect@259] Start portal login...
2024-07-03 16:30:02.146 INFO  [366884] [PortalAuthenticator::authenticate@35] (1/5) attempts, preform portal prelogin at https://confluentinc.gpcloudservice.com/global-protect/prelogin.esp?tmp=tmp&kerberos-support=yes&ipv6-support=yes&clientVer=4100&clientos=Linux
2024-07-03 16:30:02.618 INFO  [366884] [PortalAuthenticator::onPreloginFinished@52] Portal prelogin succeeded.
2024-07-03 16:30:02.618 INFO  [366884] [PreloginResponse::parse@26] Start parsing the prelogin response...
2024-07-03 16:30:02.618 INFO  [366884] [PortalAuthenticator::onPreloginFinished@56] Finished parsing the prelogin response. The region field is: US
2024-07-03 16:30:02.618 INFO  [366884] [PortalAuthenticator::samlAuth@119] Trying to perform SAML login with saml-method POST

DevTools listening on ws://127.0.0.1:12315/devtools/browser/793556d8-e7cb-4012-bdab-5cd8cf725ba2
Remote debugging server started successfully. Try pointing a Chromium-based browser to http://127.0.0.1:12315
2024-07-03 16:30:02.712 INFO  [366884] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from data:text/html;charset=<REDACTED>
2024-07-03 16:30:02.712 INFO  [366884] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2024-07-03 16:30:03.053 INFO  [366884] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://confluent.okta.com/app/palo_alto_networks_prisma_access/exkb6vf3wiq7IzxmX357/sso/saml
2024-07-03 16:30:03.053 INFO  [366884] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2024-07-03 16:30:03.188 INFO  [366884] [SAMLLoginWindow::onLoadFinished@109] Load finished https://confluent.okta.com/app/palo_alto_networks_prisma_access/exkb6vf3wiq7IzxmX357/sso/saml
2024-07-03 16:30:03.233 INFO  [366884] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://login.okta.com/discovery/iframe.html
2024-07-03 16:30:03.233 INFO  [366884] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2024-07-03 16:30:12.321 INFO  [366884] [SAMLLoginWindow::SAMLLoginWindow@31] MAX_WAIT_TIME exceeded, display the login window.
2024-07-03 16:31:39.138 INFO  [366884] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://confluent.okta.com/auth/services/devicefingerprint
2024-07-03 16:31:39.138 INFO  [366884] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
2024-07-03 16:31:43.329 INFO  [366884] [SAMLLoginWindow::onResponseReceived@69] Trying to receive authentication cookie from https://confluent.okta.com/auth/services/devicefingerprint
2024-07-03 16:31:43.329 INFO  [366884] [SAMLLoginWindow::checkSamlResult@80] Checking the authentication result...
"Object does not exist at path “/org/freedesktop/NetworkManager/ActiveConnection/15”"

Environment:

  • OS: NixOS 24.05
  • Desktop Environment: Gnome

Additional context
I'm using a quite old version via Nixpkgs 1.4.9
https://github.com/NixOS/nixpkgs/blob/nixos-24.05/pkgs/tools/networking/globalprotect-openconnect/default.nix

Happy to discuss including a newer version in Nixpkgs if you are seeking that contribution as well.

Hi @fzakaria, this error message is raised by the IDP, which is out of the scope of the client. You may need to contact your administrator with this error message.

Sorry for the bad issue then. I'll try to investigate and close.

If you have any tips let me know.
I figure it's something like needing the HIP report or something?