WSS Agent logs continuously reporting "Whoami request failed” messages
search cancel

WSS Agent logs continuously reporting "Whoami request failed” messages


Article ID: 258983


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Users accessing the internet via Cloud SWG using WSS Agent hosts successfully.

Users authenticate to Cloud SWG service via SAML Identity Provider.

Users report seeing hundreds of "Whoami request failed" messages within the Agent logs.

The message appears cosmetic as no users seem to be impacted negatively.

PAC files pushed to WSS Agent users to send traffic into

WSS Agent with SAML-based authentication.


WSS Agent hosts cannot communicate with


Make sure that is resolvable locally, and that traffic to this destination is sent into WSS Agent tunnel.

In our case, the PAC file was changed so that requests for this domain went into WSS Agent tunnel.


Additional Information

The WSSA log message: 

"whoami request failed" a cosmetic issue.

There is no functionality associated with it.

It is a visual (cosmetic) issue only and states that the user displayed in the WSSA status panel may not match the user in the WSS service.

This is only an issue if a customer is using SAML.  If they are NOT using SAML, then the user in the WSS service will ALWAYS match the user on the WSSA client.

The URL that WSSA uses for the whoami check is:

To avoid this message, make sure that the CTC IP is going DIRECT...(and NOT through a local proxy):

WSS Agent Status panel (tray icon) message: "whoami request failed"

  • It is a warning, NOT an error
  • Functionality is NOT impacted
  • Is a cosmetic issue (can be ignored)

Example: if you are using SAML, the WSS service will identify the user as a SAML user (good), but the username format in the WSSA client will still display the local username in the WSSA client console.