search cancel

SAML username shows unauthenticated (assigned) in Web Security Service (WSS)

book

Article ID: 252667

calendar_today

Updated On:

Products

Web Security Service - WSS Endpoint Protection Endpoint Protection Cloud Endpoint Security

Issue/Introduction

When using Web Security Service, after logging in via SAML authentication, the username should display the SAML username (like [email protected]).
In some situations, the username will be changed to unauthenticated (assigned). Websites will still be blocked correctly.


Environment

Any applicable OS and:

  • WSS
  • SEP with Web Traffic Redirection
  • Web and Cloud Access Protection
  • SAML Authentication method

Cause

The authenticated user name will update when the application requests a 'whoami' from the WSS service handling the authentication. Whilst the system knows the authenticated user, the subsequent whoami may fail for various reasons of load, network interruption, timeout, and so on. If the whoami fails, the User Interface will display the user as unauthenticated (assigned). This may appear concerning but it has no effect on the authentication success or security effectiveness.

Resolution

This article is informational only.

Attachments