SAML popup showing blank page with MacOS when WSS completely bypassed with SAC
search cancel

SAML popup showing blank page with MacOS when WSS completely bypassed with SAC


Article ID: 254037


Updated On:


Symantec ZTNA Cloud Secure Web Gateway - Cloud SWG


WSS Agent is used on MacOS to send traffic into SAC.

Users bypass WSS completely for web traffic by adding IP bypasses for and - only need to forward SAC destined traffic into WSS.

SAML enabled on WSS but instead of getting the SAML IDP server login page, a blank page is returned.

HAR file shows user request to but instead of a redirect, we get a 204 response with no payload (hence the blank page).



WSS Agent 8.2.1.

SAML Authentication to Okta IDP server.

SAC integration with WSS.



WSS IP address bypass causes DNS requests returned to be ignored by the WSS Agent, causing requests to to go direct to the host and not via WSS.


Apply WSS Agent 9.0.62+.

This addresses an issue where we will intercept DNS requests for the required bypass domains.

Additional Information

WHen troubleshooting WSS Agent SAML issues on the MacOS, it's important to run Symdiag and the grab the HAR file in parallel. 

The HAR file is obtained by running the following 2 commands on the MacOS terminal first, and then rick clicking the blank page (or IDP login page) and selecting the INSPECT option:

sudo "/Applications/Symantec WSS" -p signalAction=enableWebViewDevTools
sudo killall -SIGUSR2

Note that HAR file often cannot be exported from MacOS when problems occur, and hence it is important from the user to take screenshots of the requests/responses. This can be used to confirm we get 307 redirects to and not 204s that trigger blank pages.