Using a Shared Object for auth policy in Cloud SWG fails.
search cancel

Using a Shared Object for auth policy in Cloud SWG fails.

book

Article ID: 257197

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

The customer is using VPM to create a Cloud SWG auth policy from Management Center (UPE).

When the UPE policy is pushed to Cloud SWG (formerly known as WSS), the push fails with a "Policy Install Failed" error: 

Cause

A Shared Object is being used in the Authentication Layer for the Cloud SWG policy (and this is not currently supported).

Removing the Shared Object resolved the issue. 

Resolution

Remove the Shared Object and use a Local Policy object instead.

Additional Information

Policy push errors:

5 warnings and 108 errors
...
5 warnings and 108 errors
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'authenticate(no)' central:333 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'policy.BC_saml_realm_choice' central:338 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'authenticate.mode(origin-ip-redirect)' central:338 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'policy.BC_saml_realm_choice' central:339 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'authenticate.mode(origin-cookie-redirect)' central:339 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'policy.BC_CIA_authentication' central:346 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'policy.BC_CIA_authentication' central:350 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action 'policy.BC_RCP_authentication' central:357 
Late condition guards early action Condition 'condition=!BC_Authentication_exempt_internal' central:329 Action ...