System Browser Error: Testing 'check_auth' Endpoint URL

Article ID: 367199

Updated On: 05-08-2024

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

As an administrator, I am issuing a request to http://pod.threatpulse.com/api/v1/check_auth via the system browser to test the "check_auth" endpoint URL.

The request via the system browser returns a "This site can't be reached" error message.

Environment

Symantec Agents: Enterprise Agent, WSS Agent: SEP Agent Tunnel Mode

SAML authentication with samlSystemBrowser = true enabled

Windows or macOS

System Browser

Cause

The HAR file shows that the system browser upgraded the request from HTTP to HTTPS.

In this case, Chrome's experimental feature, "HTTPS-Only Mode," was enabled, causing the agent NOT to allow the request through.

The request must be sent over HTTP because the agent needs to monitor it to determine when authentication is finalized. The WSS agent keeps the request encrypted by channeling it through the tunnel, so it is always secure.

Direct access to this request is discouraged, as it's an internal process exclusively initiated by the agent. If you attempt to issue these requests yourself, there's no assurance they'll traverse the tunnel, potentially disrupting authentication.
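To confirm this cause from a captured HAR file, the following added example (not part of the original article and not Broadcom tooling) scans HAR 1.2 entries for the check_auth request and reports when it was redirected to HTTPS or sent over HTTPS. The function name, the finding labels and both sample HAR structures are constructed for illustration.

```python
from urllib.parse import urlsplit

# Endpoint named in this article.
HOST, PATH = "pod.threatpulse.com", "/api/v1/check_auth"

def find_https_upgrades(har, host=HOST, path=PATH):
    """Report HAR entries where the check_auth request left plain HTTP.

    Two cases are flagged: an http:// request answered with a redirect to
    the same host and path over https://, and a request that was already
    issued over https://. Returns (entry index, finding, status) tuples.
    """
    findings = []
    for i, entry in enumerate(har.get("log", {}).get("entries", [])):
        url = urlsplit(entry.get("request", {}).get("url", ""))
        if (url.hostname or "").lower() != host or url.path != path:
            continue  # not the endpoint under investigation
        resp = entry.get("response", {})
        target = urlsplit(resp.get("redirectURL") or "")
        same_endpoint = (target.hostname or "").lower() == host and target.path == path
        if url.scheme == "http" and target.scheme == "https" and same_endpoint:
            findings.append((i, "redirected-to-https", resp.get("status")))
        elif url.scheme == "https":
            findings.append((i, "sent-over-https", resp.get("status")))
    return findings

# Constructed sample (not a real capture): an upgraded request followed by
# the failed HTTPS attempt, plus one unrelated entry. Status values are illustrative.
SAMPLE_HAR = {"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "http://pod.threatpulse.com/api/v1/check_auth"},
     "response": {"status": 307,
                  "redirectURL": "https://pod.threatpulse.com/api/v1/check_auth"}},
    {"request": {"method": "GET", "url": "https://pod.threatpulse.com/api/v1/check_auth"},
     "response": {"status": 0, "redirectURL": ""}},
    {"request": {"method": "GET", "url": "http://example.com/"},
     "response": {"status": 200, "redirectURL": ""}},
]}}

# Constructed sample of the expected behaviour: the request stays on HTTP.
CLEAN_HAR = {"log": {"version": "1.2", "entries": [
    {"request": {"method": "GET", "url": "http://pod.threatpulse.com/api/v1/check_auth"},
     "response": {"status": 200, "redirectURL": ""}},
]}}

if __name__ == "__main__":
    for index, finding, status in find_https_upgrades(SAMPLE_HAR):
        print(f"entry {index}: {finding} (status {status})")
```

For a real capture, load the exported file with `json.load` and pass the resulting dictionary to `find_https_upgrades`.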

Resolution

To address this, users are presented with a few options:

  1. Disable Chrome's HTTPS-Only feature

    1. Open Google Chrome browser.

    2. In Chrome, click on the three dots in the top-right corner to open the menu.

    3. Select "Settings" from the dropdown menu.

    4. Scroll down and click on "Security" in the left sidebar.

    5. Under the "Security" section, toggle on "Always use secure connections".

    6. Close and reopen Chrome for the changes to take effect.

    Now, you'll experience HTTPS upgrades and receive warnings for insecure downloads. If you've enabled "Always use secure connections", Chrome will prioritize secure connections for enhanced protection.

     
  2. Use an alternative browser as the system browser

  3. Use the agent's WebView for authentication. You will need to disable samlSystemBrowser by setting it to false. The default value is false; see Cloud SWG Reference: WSS Agent Configuration Options under Additional Information.

    Note: Each option carries its own set of pros, cons, and limitations, warranting careful consideration based on individual requirements and security priorities.

Additional Information