System Browser Error: Testing 'check_auth' Endpoint URL
search cancel

System Browser Error: Testing 'check_auth' Endpoint URL


Article ID: 367199


Updated On:


Cloud Secure Web Gateway - Cloud SWG


As an administrator, I am issuing a request to via the system browser to test the "check_auth" endpoint URL.

The request via the system browser returns "This site can't be reached" error message.


Symantec Agents: Enterprise Agent, WSS Agent: Sep Agent Tunnel Mode

SALM authentication with samlSystemBrowser = true enabled 

Windows or macOs

System Browser


The HAR file shows that the system browser upgraded the request from HTTP to HTTPS

in this case, Chrome's experimental feature, "HTTPS-Only Mode," was enabled causing the agent NOT to allow the request through.

The request must be sent over HTTP because the agent needs to monitor it to determine when authentication is finalized. The WSS agent ensures encryption by channeling it through the tunnel, ensuring it's always secure.

Direct access to this request is discouraged, as it's an internal process exclusively initiated by agent. If you attempt to issue these requests yourself, there's no assurance they'll traverse the tunnel, potentially disrupting authentication


To address this, users are presented with a few options:

  1. Disable Chrome HTTPS-Only feature

    1. Open Google Chrome browser.

    2. In Chrome, click on the three dots in the top-right corner to open the menu.

    3. Select "Settings" from the dropdown menu.

    4. Scroll down and click on "Security" in the left sidebar.

    5. Under the "Security" section, toggle on "Always use secure connections".

    6. Close and reopen Chrome for the changes to take effect.

    Now, you'll experience HTTPS upgrades and receive warnings for insecure downloads. If you've enabled "Always use secure connections", Chrome will prioritize secure connections for enhanced protection.

  2. Use an alternative browser as their system browser

  3. Use the agent's WebView for authentication. You will need to disable samlSystemBrowser by setting to false. The default option is false, see Cloud SWG Reference: WSS Agent Configuration Options under additional information

    Note :: Each option carries its own set of pros, cons, and limitations, warranting careful consideration based on individual requirements and security priorities.

Additional Information