Windows SSO users are getting "Unable to authorize authenticated user" appliance error on the browser.


Article ID: 167642


Updated On:


ProxySG Software - SGOS


The full error on the browser looks like the one below:

Appliance Error (configuration_error)

Your request could not be processed because of a configuration error: "Unable to authorize authenticated user"


The scenarion for this case is environments with two domains, such as and

The ProxySG appliance's LDAP server that points to DC is being used as the LDAP authorization server for the Windows SSO authentication realm.

The LDAP server's DN has been configured as follows:




The two-way trust between these two domains is configurd and working fine.

The issue occurs when users from log in to their workstations and try to browse. When users from try to browse, it works fine.



By default  the 'Follow referrals' option is not enabled on the the LDAP server configuration. Enabling this option resolves this issue.

You can enable this option in the ProxySG Management Console by selecting Configuration > Authentication > LDAP > LDAP Servers and selecting the Realm name. Then select the Follow referrals option.



Note that if you use LDAP v3, you can select Follow referrals to allow the client to follow referrals to other servers. (This feature is not available with LDAP v2.) The default is Disabled.