"Download was not a valid extension of user script" error downloading Chrome extensions via WSS

book

Article ID: 209033

calendar_today

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

Users accessing WSS with explicit Access method

SAML authentication enabled with cookie surrogates

When attempting to download extensions, it appears to start to download but then users see the following pop up message. Our WSS policy is configured to allow access to chrome.google.com site and category

searchunify.broadcom.com

Cause

Application does not like redirects during extension download. Through a combination of whitelisting sites that triggered 307 redirects for SAML, and bypassing SSL interception, we got this to work.

Environment

Explicit access method

SAML authentication enabled for users

Resolution

Made following combination of changes to allow extensions to download to clients:

  • Auth bypass changes added for
    • googleusercontent.com
    • chrome.google.com
    • www.chromestatus.com
    • ssl.google-analytics.com
    • client2.google.com
  • SSL bypass entries for
    • googleusercontent.com
    • chrome.google.com
    • www.chromestatus.com

Additional Information

HAR files can be used to see what sites we are triggering 307 redirects to, and then whitelist these from authentication

The HTTP logs can be used to determine which SSL sites are being intercepted during download, and added to SSL intercept bypass list.

Attachments