Auth connector shows disconnected in the Web Security Service portal

Article ID: 173901

Products

Web Security Service - WSS

Issue/Introduction

The Auth Connector has been set up on the server and in the Web Security Service (WSS) portal, but its state shows as disconnected.

Cause

There are two potential causes for this issue:

  1. The unique name for the Auth Connector is not correct on the customer's server. Each Auth Connector created in the portal needs a unique name assigned only to that Auth Connector. If any changes are made to the Auth Connector or it has been deleted, you will need to reinstall.
  2. The cipher suites enabled on the Auth Connector server may not be compatible with the control pod for WSS.

Environment

Web Security Service

Resolution

  1. In the portal, go to Service > Authentication > Auth Connector > Edit (next to the Auth Connector). This shows the unique name that must be used as the name of the Auth Connector on the customer's server. You will need to reinstall the Auth Connector if the unique name was not entered during the installation.
  2. Ensure that the proper cipher suites and public key exchange settings are set:
    1. At least one of the following cipher suites must be enabled:
      • TLS_RSA_WITH_AES_256_CBC_SHA
      • TLS_RSA_WITH_AES_128_CBC_SHA
      • TLS_DHE_RSA_WITH_AES_256_CBC_SHA
      • TLS_DHE_RSA_WITH_AES_128_CBC_SHA
      • TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
      • TLS_RSA_WITH_3DES_EDE_CBC_SHA
    2. Ensure that PKCS is allowed for key exchanges.

Note: You can use a program like IIS Crypto to verify the cipher suites and key exchange settings.
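
The two checks in step 2 can also be scripted. The following is an added example, not vendor code: it assumes the Auth Connector host is a Windows server using Schannel (as the IIS Crypto note implies) with the `Get-TlsCipherSuite` cmdlet available (Windows Server 2016 or later). The function name `Test-AuthConnectorTls` is hypothetical.

```powershell
# Added example (not vendor code). Run in an elevated PowerShell session
# on the server where the Auth Connector is installed.

# Cipher suites listed in the Resolution section of this article.
$required = @(
    'TLS_RSA_WITH_AES_256_CBC_SHA',
    'TLS_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_256_CBC_SHA',
    'TLS_DHE_RSA_WITH_AES_128_CBC_SHA',
    'TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA',
    'TLS_RSA_WITH_3DES_EDE_CBC_SHA'
)

function Test-AuthConnectorTls {
    param([string[]]$Required)

    # Suites Schannel is currently configured to offer, in priority order.
    $enabled = (Get-TlsCipherSuite).Name
    $matched = @($Required | Where-Object { $enabled -contains $_ })

    # PKCS key exchange: a missing key or value means the OS default
    # (allowed); Enabled = 0 means it has been switched off.
    $pkcsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\PKCS'
    $pkcsValue = (Get-ItemProperty -Path $pkcsKey -Name Enabled -ErrorAction SilentlyContinue).Enabled
    $pkcsAllowed = ($null -eq $pkcsValue) -or ($pkcsValue -ne 0)

    [pscustomobject]@{
        MatchingSuites    = $matched
        SuiteCheckPassed  = $matched.Count -gt 0
        PkcsAllowed       = $pkcsAllowed
        PkcsRegistryValue = if ($null -eq $pkcsValue) { 'not set (OS default)' } else { $pkcsValue }
    }
}

$result = Test-AuthConnectorTls -Required $required
$result | Format-List

if (-not $result.SuiteCheckPassed) {
    Write-Warning 'None of the required cipher suites is enabled on this server.'
}
if (-not $result.PkcsAllowed) {
    Write-Warning 'PKCS key exchange is disabled in the Schannel registry settings.'
}
```

A suite that appears in the list can still be unusable if its underlying cipher is turned off under `SCHANNEL\Ciphers`, which this check does not read.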