Broken links on CORS enabled Web servers when SEP NTR agent used with SAML

Article ID: 224151

Products

Web Security Service - WSS

Issue/Introduction

SEP NTR enabled as the access method into WSS

SAML authentication enabled for SEP NTR users

Most users work fine and can authenticate and browse all websites via WSS without issues

Some users, however, report broken links, and the browser developer console reports CORS warnings (which the SEP NTR agent should handle)

If the user visits an HTTP site and then goes back to the site with broken links, everything starts to work fine.

Cause

Certain HTTPS sites with CORS enabled cause the authentication into WSS to fail

Environment

SEP NTR with SAML authentication

SEP NTR with CIA-based authentication works fine

Resolution

Until the issue is addressed (planned for SEP 14.3 RU4 release), the following options may be used to work around the issue:

- when the problem occurs, access any HTTP site to trigger a re-authentication (e.g. http://pod.threatpulse.com or http://xhaus.com, assuming they are not bypassed from authentication on the WSS side)

- switch the SEP authentication method from SAML to CIA, where we take the locally used login credentials and send them to WSS

- consider using an alternative agent such as the WSS agent with SAML authentication

Additional Information

The SEP NTR client never sends a valid X-Bluecoat-Authorization header when accessing HTTPS sites for authentication, and we cannot completely identify the user.