ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

(Cloud) SAML errors or very slow performance


Article ID: 169004


Updated On:


CDP Integration Server


Using Internet Explorer 11 (not a problem using Chrome) the problem manifests itself
IE 11 using Fiddler and no problem.
Using a custom PAC file with multiple PROXY statements
Proxy file or name of proxy file may change
Very slow performance with SAML
Going to a simple website can take a long time


Blue Coat Support was able to reproduce the issue.  Here are some items of note:
  1. The problem manifests itself when there are at least two PROXY statements used with IP addresses in the proxy statements
  2. The problem was reproduced when switching between two proxy.pac files and the IP addresses in the PROXY statements were changed.
  3. It appears that the browser is losing its server affinity.  Here is what a packet capture looks like

Here is what showed up in a packet capture when this happened.
  1. Proxy: > Get
  2. Proxy: > Connect
  3. IDP:  <internal IP address>   > Get the SAML assertion (x2)
  4. Proxy: > Connect
  5. Proxy: > Get
  6. Repeat steps 4 and 5 about 80+ times
  7. Proxy: > Connect
  8. Proxy: > Get
  9. Success.  The success occurs because transactions 7 and 8 are against the same proxy.

Blue Coat Support saw instances where the bouncing between data pods never stopped and went on indefinitely.  It is not known what triggers this to occur.


The PAC file in use consisted of at least two PROXY statements (return "PROXY <data_center1_IP_address>:8080; PROXY <data_center2_IP_address>:8080";).  The resolution is to either use in lieu of using an IP address, or use a single IP address and one PROXY statement instead of two PROXY statements.