search cancel

Two Single Sign On (SSO) requests are causing site to throw a server error


Article ID: 174595


Updated On:


Cloud Secure Web Gateway - Cloud SWG


A generic server error is being thrown while attempting to log in to a web site. In the .har file, there are two Single Sign On (SSO) requests.


Web Security Service


SAML is trying to authenticate you before the browser sends your credentials. This double authentication causes the web server to block the sign on before either is finished, throwing a generic server error.

In the screenshot below, the blue "1" represents the username sent by SAML. The red "2" represents the credentials you entered into the site.


In your Web Security Service Portal, add the site to the Global Exemptions list for authentication:

  • Go to: Service > Authentication > Authentication Policy > Global Exemptions
  • Click "+ Add Auth Exemption"
    • Source: Any
    • Destination: <for this example,>
  • Verdict will be Bypass Authentication
  • Click Activate

After exempting the site, you no longer receive an error, and only your entered credentials are sent to the site.