Cannot authentication to WSS Agent via popup after MacOS host wakes up from sleep
search cancel

Cannot authentication to WSS Agent via popup after MacOS host wakes up from sleep

book

Article ID: 247172

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

User running WSS Agent on MacOS cannot browse internet when the host wakes up from sleep.
Once we hit this condition, even initiating a RECONNECT fails to allow users browse internet.
Logs show that WSS agent tries to authenticate but user never see any popup appear on the host.
PAC file pushed out to WSS Agent hosts to send traffic to local proxy as well as into WSS.

 

Environment

MacOS 12.4.

WSS Agent 8.1.1.

Resolution

Upgrade to MacOS 12.5 addressed the issue.

It is also recommended that hosts running WSS Agent on MacOS with SAML also upgrade to WSS Agent version 8.1.2.

Additional Information

In terms of log analysis, Webkit never starts the auth process and here are the key log entries:

// WSS Agent logs shows we are waiting for Auth request

                Line 1960: nxt  diagnostic-log_us_cpp                326  CreateLogItemForMessage                 846      0x609e   -  07/01/2022-09:34:27.043778  Info     DiagnosticLog(): [2022-Jul-01 11:34:27 (UTC+2:00)]: Tunnel#4(xxxx) connected to concentrator: 46.235.155.164(GFRPA-UDP), Nat IP: 10.245.194.160, RcvBuf: 2097152
                Line 1967: nxt  diagnostic-log_us_cpp                326  CreateLogItemForMessage                 846      0x1a00   -  07/01/2022-09:34:27.047449  Info     DiagnosticLog(): [2022-Jul-01 11:34:27 (UTC+2:00)]: Connection to WSS successful
                Line 3559: nxt  diagnostic-log_us_cpp                326  CreateLogItemForMessage                 846      0x60a1   -  07/01/2022-09:34:28.209284  Info     DiagnosticLog(): [2022-Jul-01 11:34:28 (UTC+2:00)]: Waiting for user authentication (xxxx)

// PCAPs show we never have any authentication requests sent from the WSS agent host! We never see any requests from the plugin to pod.threatpulse.com, saml.threatpulse.net or the IDP server ….

// IOS system log shows that IOS device does get called at the time …

2022-07-01 11:34:28.211034+0200 0x14b6     Default     0x0                  691    0    wssa-ui_netext: (WebKit) [com.apple.WebKit:Loading] 0x14181d218 - [pageProxyID=6, webPageID=7, PID=880] WebPageProxy::loadRequest:

2022-07-01 11:34:28.214560+0200 0x4df2     Default     0x0                  882    0    com.apple.WebKit.Networking: (CFNetwork) Task <DAB08808-0AD7-4A47-9EC9-51ACF6F57117>.<17> setting up Connection 8
2022-07-01 11:34:28.215054+0200 0x60c5     Default     0x0                  882    0    com.apple.WebKit.Networking: (CFNetwork) Sending CFNA PAC query
:
2022-07-01 11:34:28.272372+0200 0x607b     Default     0x0                  2854   0    CFNetworkAgent: (CFNetwork) PAC query complete list=<private>, error=(null)
2022-07-01 11:34:28.272557+0200 0x60c5     Default     0x0                  882    0    com.apple.WebKit.Networking: (CFNetwork) Received CFNA PAC response

After that we see the webkit loads the page, but do not see any requests go out …

Powered by Wolken Software