WSS and SEP Cloud integration: SAML authentication window appears blank


Article ID: 253444


Products

Web Security Service - WSS

Issue/Introduction

WSS is integrated with SEP Web and Cloud Access Protection running in TUNNEL mode.

Users running the SEP agent get a blank screen instead of the SAML login page as soon as the tunnel is started.

Users are testing this with macOS clients, but the issue will be visible with Windows too.

Users disabled the system extension and made sure no firewall/IPS was running, but the authentication window remained blank.

Environment

SEP 14.3RU6 #9070 installed

macOS 12.6

SAML authentication enabled on WSS tenant

Cause

The SEP application was added as an Application bypass in the WSS configuration, so the requests generated during the SAML authentication flow went directly to the server and not through the WSS tunnel.

Resolution

Remove the following WSS Application bypass entry:

    {
      "executablePath": "/Applications/Symantec Endpoint Protection.app/**",
      "codeSigner": "Developer ID Application: Broadcom Inc (Y2CCP3S9W7)"
    },

 

Additional Information

Symdiag logs confirm why the login page is blank: the requests to pod.threatpulse.com are going out the public interface and not the tunnel interface.

This typically occurs when DNS requests cannot be intercepted by the agent (not the case here), or when a bypass exists for the domains required for SAML (pod.threatpulse.com, saml.threatpulse.net), which was the case above.
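One way to check an exported bypass list for entries that would take SAML traffic out of the tunnel. This is an added example, not Broadcom tooling or part of the original article. It assumes the application bypass list is a JSON array of entries shaped like the one above, that `**` matches any depth (approximated here with `fnmatch`), and that domain bypasses are plain strings; the probe path, function names and sample data are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

# Domains the article lists as required for SAML.
SAML_DOMAINS = ("pod.threatpulse.com", "saml.threatpulse.net")
# Constructed probe path: stands in for any binary inside the SEP app bundle.
SEP_PROBE_PATH = "/Applications/Symantec Endpoint Protection.app/Contents/MacOS/probe"

def domain_covered(pattern, domain):
    """True if a bypass pattern (exact, '*.suffix' or '.suffix') covers domain."""
    pattern, domain = pattern.lower().rstrip("."), domain.lower()
    if pattern.startswith("*."):
        pattern = pattern[1:]                      # '*.x.com' -> '.x.com'
    if pattern.startswith("."):
        return domain.endswith(pattern) or domain == pattern[1:]
    return domain == pattern

def audit_bypasses(app_entries, domain_entries=()):
    """Return (kind, detail) findings for bypasses that affect the SAML flow."""
    findings = []
    for entry in app_entries:
        glob = entry.get("executablePath", "")
        # An application bypass covering the SEP bundle sends its auth
        # requests direct to the server instead of through the tunnel.
        if fnmatchcase(SEP_PROBE_PATH, glob):
            findings.append(("application", glob))
    for pattern in domain_entries:
        for domain in SAML_DOMAINS:
            if domain_covered(pattern, domain):
                findings.append(("domain", f"{pattern} covers {domain}"))
    return findings

# Constructed sample data: the first entry is the one from the article,
# everything else is made up for the example.
SAMPLE_APPS = json.loads("""[
  {"executablePath": "/Applications/Symantec Endpoint Protection.app/**",
   "codeSigner": "Developer ID Application: Broadcom Inc (Y2CCP3S9W7)"},
  {"executablePath": "/Applications/Example Backup.app/**",
   "codeSigner": "Developer ID Application: Example Corp (EXAMPLE000)"}
]""")
SAMPLE_DOMAINS = ["*.threatpulse.com", "updates.example.com"]

if __name__ == "__main__":
    for kind, detail in audit_bypasses(SAMPLE_APPS, SAMPLE_DOMAINS):
        print(f"[{kind} bypass] {detail}")
```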

 
