Users running WSS Agent to access internet sites via Cloud SWG.
Users authenticate to Cloud SWG using SAML successfully when tunnel initially comes up.
A handful of users, however, report that the SAML window with the IdP login page repeatedly pops up even after they have successfully logged in.
Whoami errors also appear regularly in the WSS Agent diagnostic logs.
All WSS Agent versions supporting SAML (7.3.5+).
Cloud SWG.
Windows hosts generating TLS 1.0 requests to Cloud SWG that receive no response.
Upgrade the Windows OS to get the latest security updates.
Older versions of Windows (pre September 2022) send TLS 1.0 requests into the WSS Agent tunnel, which are dropped at the proxy.
The initial SAML authentication would go through successfully using newer TLS protocols. When the WSS Agent triggered the whoami check (sent to client-id.wss.symantec.com), it would fail to get a response, and PCAPs showed that the request used TLS 1.0 as the protocol. This in turn caused the WSS Agent to flag the user as unauthenticated.
When this happened, the WSS Agent would pop up the SAML window, where the user would auto-login (assuming the SAML session cookie is still valid), but subsequent whoami requests would fail and the cycle would repeat.
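The diagnostic step described above (confirming from a PCAP that the whoami request is offered only as TLS 1.0) can be scripted. The following is an added example and is not code from Broadcom, the WSS Agent, or this article: it parses a TLS ClientHello record and reports the highest protocol version the client offers, honouring the supported_versions extension that TLS 1.2/1.3 clients send. The `build_client_hello` helper only constructs sample records for the demonstration; in practice you would feed `highest_offered_version` with the first TCP payload bytes of each flow to the whoami host, extracted from the capture with a tool such as tshark (assumed, not shown here).

```python
import struct

TLS_VERSION_NAMES = {
    0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1",
    0x0303: "TLS 1.2", 0x0304: "TLS 1.3",
}
EXT_SUPPORTED_VERSIONS = 0x002B  # RFC 8446 extension type


def highest_offered_version(record: bytes) -> str:
    """Return the highest TLS version offered by a raw ClientHello record.

    Pre-TLS-1.3 clients signal their maximum in the handshake's client_version
    field; TLS 1.3-capable clients pin client_version to 0x0303 and list the real
    candidates in the supported_versions extension, so that is checked too.
    """
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    body = record[5:5 + rec_len]
    if len(body) < 4 or body[0] != 0x01:
        raise ValueError("not a ClientHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len:
        raise ValueError("truncated ClientHello")

    best = struct.unpack("!H", hello[0:2])[0]  # client_version
    pos = 2 + 32                                # skip version and 32-byte random
    sid_len = hello[pos]
    pos += 1 + sid_len                          # session_id
    cs_len = struct.unpack("!H", hello[pos:pos + 2])[0]
    pos += 2 + cs_len                           # cipher_suites
    comp_len = hello[pos]
    pos += 1 + comp_len                         # compression_methods

    if pos < len(hello):                        # extensions block present
        ext_total = struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        end = pos + ext_total
        while pos + 4 <= end:
            ext_type, ext_len = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            data = hello[pos:pos + ext_len]
            pos += ext_len
            if ext_type == EXT_SUPPORTED_VERSIONS:
                n = data[0]
                offered = [struct.unpack("!H", data[1 + i:3 + i])[0] for i in range(0, n, 2)]
                # Ignore GREASE values, which are not in the known table.
                known = [v for v in offered if v in TLS_VERSION_NAMES]
                if known:
                    best = max(known)
    return TLS_VERSION_NAMES.get(best, hex(best))


def build_client_hello(client_version: int, supported_versions=None) -> bytes:
    """Construct a minimal ClientHello record for testing (constructed sample, not a capture)."""
    cipher_suites = b"\x00\x2f\x00\x35"  # TLS_RSA_WITH_AES_128_CBC_SHA, TLS_RSA_WITH_AES_256_CBC_SHA
    hello = struct.pack("!H", client_version) + bytes(32) + b"\x00"  # version, random, empty session id
    hello += struct.pack("!H", len(cipher_suites)) + cipher_suites + b"\x01\x00"  # suites, null compression
    if supported_versions:
        vs = b"".join(struct.pack("!H", v) for v in supported_versions)
        ext = struct.pack("!HH", EXT_SUPPORTED_VERSIONS, 1 + len(vs)) + bytes([len(vs)]) + vs
        hello += struct.pack("!H", len(ext)) + ext
    body = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(body)) + body  # legacy record version 0x0301


def find_legacy_tls_flows(flows):
    """Given (label, client_hello_bytes) pairs, return labels whose best offer is TLS 1.0 or older."""
    return [label for label, rec in flows
            if highest_offered_version(rec) in ("SSL 3.0", "TLS 1.0")]


# Constructed samples standing in for flows extracted from a capture.
SAMPLE_FLOWS = [
    ("whoami-flow-1 (legacy stack)", build_client_hello(0x0301)),
    ("saml-flow-1 (modern stack)", build_client_hello(0x0303, [0x0304, 0x0303])),
    ("whoami-flow-2 (TLS 1.2 only)", build_client_hello(0x0303)),
]

if __name__ == "__main__":
    for label, rec in SAMPLE_FLOWS:
        print(f"{label}: offers up to {highest_offered_version(rec)}")
    print("Flows that will be dropped by a TLS 1.2+ proxy:", find_legacy_tls_flows(SAMPLE_FLOWS))
```

A flow reported as "TLS 1.0" here matches the symptom in this article: the proxy will not answer it, so the whoami check times out while the SAML exchange on the modern stack still succeeds.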