SEP NTR is enabled as the access method into WSS
SAML authentication enabled for SEP NTR users
Most users are working fine and can authenticate and browse all web sites via WSS without issues
Some users, however, report broken links, and the browser developer console reports CORS warnings (which the SEP NTR agent should handle)
If the user hits an HTTP site and then goes back to the site with broken links, everything starts to work fine.
Certain HTTPS sites with CORS enabled cause the authentication into WSS to fail
SEP NTR with SAML authentication
SEP NTR with CIA-based authentication works fine
Until the issue is addressed (planned for SEP 14.3 RU4 release), the following options may be used to work around the issue:
- When the problem occurs, access any HTTP site to trigger a re-authentication (e.g. http://pod.threatpulse.com or http://xhaus.com, assuming they are not bypassed from authentication on the WSS side).
- Switch the SEP authentication method from SAML to CIA, where we take the locally used login credentials and send them to WSS.
- Consider using an alternative agent, such as the WSS agent with SAML authentication.
The SEP NTR client never sends a valid X-Bluecoat-Authorization header when accessing HTTPS sites for authentication, and we cannot completely identify the user.