Auth connector shows disconnected in the Web Security Service portal
Article ID: 173901
Products
Cloud Secure Web Gateway - Cloud SWG
Issue/Introduction
The Auth Connector has been set up on the server and in the Web Security Service (WSS) portal, but its state is showing as disconnected.
Environment
Web Security Service
Cause
There are two potential causes for this issue:
The unique name for the Auth Connector is not correct on the customer's server. Each Auth Connector created in the portal needs a unique name assigned only to that Auth Connector. If any changes are made to the Auth Connector or it has been deleted, you will need to reinstall.
The cipher suites enabled on the Auth Connector server may not be compatible with the control pod for WSS.
Resolution
In the portal, go to Service > Authentication > Auth Connector and click Edit next to the Auth Connector. This shows the unique name that must be used as the name of the Auth Connector on the customer's server. You will need to reinstall the Auth Connector if the unique name was not entered during the installation.
Ensure that the proper cipher suites and public key exchange settings are set:
At least one of the following cipher suites must be enabled:
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
Ensure that PKCS is allowed for key exchanges.
Note: You can use a program like IIS Crypto to verify the cipher suites and key exchange settings.
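The same two settings can be checked from PowerShell on the Auth Connector server. This is an added example, not part of the original article or the product's tooling; it assumes Windows Server 2016 or later (where Get-TlsCipherSuite is available) and an elevated session, and it only reads configuration.

```powershell
# Added example: read-only check of the cipher suite and PKCS settings
# named in this article. Assumes Windows Server 2016 / Windows 10 or later.

# Cipher suites listed in this article (at least one must be enabled).
$required = @(
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
)

# Names of the suites currently enabled for Schannel on this machine.
$enabled = @(Get-TlsCipherSuite | Select-Object -ExpandProperty Name)
$matched = @($required | Where-Object { $enabled -contains $_ })

if ($matched.Count -gt 0) {
    Write-Output 'Cipher suites: OK. Enabled suites from the required list:'
    $matched | ForEach-Object { Write-Output "  $_" }
} else {
    Write-Output 'Cipher suites: NONE of the required suites is enabled.'
}

# PKCS key exchange. A missing key or value means the OS default applies;
# an Enabled value of 0 means it has been switched off.
$pkcsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS'
$pkcs = Get-ItemProperty -Path $pkcsKey -Name Enabled -ErrorAction SilentlyContinue

if ($null -eq $pkcs) {
    Write-Output 'PKCS key exchange: not configured in the registry (OS default applies).'
} elseif ($pkcs.Enabled -eq 0) {
    Write-Output 'PKCS key exchange: DISABLED in the registry.'
} else {
    Write-Output 'PKCS key exchange: enabled.'
}

# Limitation: a listed suite can still be unusable if its cipher or hash is
# disabled under SCHANNEL\Ciphers or SCHANNEL\Hashes; this script does not
# inspect those keys.
```

Where more than one suite from the list is available, the AES suites are preferable to the 3DES ones.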