WSS integrated with SEP Web and Cloud Access Protection running in TUNNEL mode.
Users running the SEP agent get a blank screen instead of the SAML login page as soon as the tunnel is started, as shown below:
Users reproduced this with macOS clients, but the issue would also be visible on Windows.
Users disabled the system extension and made sure no firewall/IPS was running, but the authentication window remained blank.
SEP 14.3 RU6 #9070 installed
SAML authentication enabled on WSS tenant
The SEP application had been added as an Application bypass in the WSS configuration, which means the requests generated during the SAML authentication flow went direct to the server instead of through the WSS tunnel.
Removed the following WSS Application bypass entry:
"executablePath": "/Applications/Symantec Endpoint Protection.app/**",
"codeSigner": "Developer ID Application: Broadcom Inc (Y2CCP3S9W7)"
SymDiag logs confirm why the login page is blank … the requests to pod.threatpulse.com are going out the public interface and not the tunnel interface.
This typically occurs either when DNS requests cannot be intercepted by the agent (not the case here), or when a bypass covers the traffic to the domains required for SAML (pod.threatpulse.com, saml.threatpulse.net), which was the case above: the Application bypass for the SEP app diverted the agent's own authentication traffic around the tunnel.
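To catch this configuration mistake before users see a blank SAML page, the following script lints a WSS bypass list for entries that would pull the authentication flow out of the tunnel, both an application bypass matching the SEP agent (the case above) and a domain bypass matching pod.threatpulse.com or saml.threatpulse.net. It is an added example, not Broadcom code: the `applicationBypass` entry mirrors the one removed above, but the `domainBypass` key, the bare-domain-covers-subdomains matching rule, the second bypass entry and the `SymDaemon` binary path are assumptions for illustration.

```python
"""Lint a WSS agent bypass list for entries that would send the SAML
authentication flow around the tunnel (added example, not product code)."""
import fnmatch
import json

# Hosts the agent must reach through the tunnel for SAML to work (named in the article).
SAML_HOSTS = ("pod.threatpulse.com", "saml.threatpulse.net")

# Assumed: the process driving the auth flow lives inside the SEP app bundle;
# the exact binary name below is hypothetical.
SEP_AUTH_BINARY = "/Applications/Symantec Endpoint Protection.app/Contents/MacOS/SymDaemon"
SEP_SIGNER = "Developer ID Application: Broadcom Inc (Y2CCP3S9W7)"

# Constructed sample config. The first applicationBypass entry is the one removed
# in the article; the "Example Corp" entry and the domainBypass list are made up.
SAMPLE_CONFIG = json.loads("""
{
  "applicationBypass": [
    {"executablePath": "/Applications/Symantec Endpoint Protection.app/**",
     "codeSigner": "Developer ID Application: Broadcom Inc (Y2CCP3S9W7)"},
    {"executablePath": "/Applications/Example.app/**",
     "codeSigner": "Developer ID Application: Example Corp (EXAMPLE123)"}
  ],
  "domainBypass": ["*.threatpulse.com", "updates.example.com"]
}
""")


def app_bypass_covers(entry, exe_path, signer):
    """True if an applicationBypass entry matches a process with this path and signer.
    fnmatch's '*' spans '/', so '/bundle.app/**' covers every binary in the bundle."""
    path_ok = fnmatch.fnmatchcase(exe_path, entry["executablePath"])
    signer_ok = entry.get("codeSigner") in (None, signer)  # no codeSigner = any signer
    return path_ok and signer_ok


def domain_bypass_covers(pattern, host):
    """True if a domainBypass pattern covers host.
    Assumed semantics: '*' is a glob; a bare domain also covers its subdomains."""
    if "*" in pattern:
        return fnmatch.fnmatchcase(host, pattern)
    return host == pattern or host.endswith("." + pattern)


def find_saml_conflicts(config):
    """Return one finding per bypass that would divert the SAML flow off the tunnel."""
    findings = []
    for entry in config.get("applicationBypass", []):
        if app_bypass_covers(entry, SEP_AUTH_BINARY, SEP_SIGNER):
            findings.append(
                f"application bypass {entry['executablePath']!r} covers the SEP agent")
    for pattern in config.get("domainBypass", []):
        for host in SAML_HOSTS:
            if domain_bypass_covers(pattern, host):
                findings.append(f"domain bypass {pattern!r} covers {host}")
    return findings


if __name__ == "__main__":
    for finding in find_saml_conflicts(SAMPLE_CONFIG):
        print("CONFLICT:", finding)
```

Run against the sample it reports two conflicts: the SEP application bypass and the `*.threatpulse.com` wildcard, which silently covers pod.threatpulse.com. Point it at an exported bypass list and an empty result means the SAML hosts are forced through the tunnel interface, which is what the SymDiag trace above should then show.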