(Cloud) SAML errors or very slow performance

Products

CDP Integration Server

Issue/Introduction

Symptoms:
Using Internet Explorer 11 (not a problem using Chrome) the problem manifests itself
IE 11 using Fiddler and no problem.
Using a custom PAC file with multiple PROXY statements
Proxy file or name of proxy file may change
Very slow performance with SAML
Going to a simple website can take a long time

Cause

Blue Coat Support was able to reproduce the issue. Here are some items of note:

The problem manifests itself when there are at least two PROXY statements used with IP addresses in the proxy statements
The problem was reproduced when switching between two proxy.pac files and the IP addresses in the PROXY statements were changed.
It appears that the browser is losing its server affinity. Here is what a packet capture looks like

Here is what showed up in a packet capture when this happened.

Proxy: 199.19.250.164 > Get http://test.threatpulse.com/
Proxy: 199.116.175.164 > Connect saml.threatpulse.net:8443
IDP: <internal IP address> > Get the SAML assertion (x2)
Proxy: 199.116.175.164 > Connect saml.threatpulse.net:8443
Proxy: 199.19.250.164 > Get http://test.threatpulse.com/?SAML_Auth_cookie
Repeat steps 4 and 5 about 80+ times
Proxy: 199.19.250.164 > Connect saml.threatpulse.net:8443
Proxy: 199.19.250.164 > Get http://test.threatpulse.com/?SAML_Auth_cookie
Success. The success occurs because transactions 7 and 8 are against the same proxy.

Blue Coat Support saw instances where the bouncing between data pods never stopped and went on indefinitely. It is not known what triggers this to occur.

Resolution

The PAC file in use consisted of at least two PROXY statements (return "PROXY <data_center1_IP_address>:8080; PROXY <data_center2_IP_address>:8080"

;).  The resolution is to either use proxy.threatpulse.net in lieu of using an IP address, or use a single IP address and one PROXY statement instead of two PROXY statements.