search cancel

Broken links on CORS enabled Web servers when SEP NTR agent used with SAML


Article ID: 224151


Updated On:


Web Security Service - WSS


SEP NTR enabled access access method into WSS

SAML authentication enabled for SEP NTR users

Most users working fine and can authenticate and browse all web sites via WSS without issues

Some users however report broken links and the Browser developer console reports CORS warnings (which SEP NTR agent should handle)

If user hits a HTTP site and then goes back to the site with broken links, all starts to work fine.


Certain HTTPS sites with CORS enabled causes the authentication into WSS to fail 


SEP NTR with SAML authentication

SEP NTR with CIA based authentication works fine


Until the issue is addressed (planned for SEP 14.3 RU4 release), the following options may be used to work around the issue:

- when the problem occurs, access any http site to trigger a re-authentication (e.g. or assuming they are not bypassed from authentication on WSS side)

- switch SEP authentication method from SAML to CIA where we take locally used login credentials and send to WSS

- consider using an alterative agent such as the WSS agent with SAML authentication 

Additional Information

SEP NTR client never sends valid X-Bluecoat-Authorization header, when accessing HTTPS sites for authentication and we cannot completely identify user.