How to perform WSS Agent SAML authentication in system default Browser?
Article ID: 388038
Updated On:
Products
Issue/Introduction
User is getting Windows application notification stating Authentication Required for Symantec WSS Agent
WSS Agent requests SAML authentication which opens system default browser
Multiple tabs get opened in browser while WSS Agent requests for SAML authentication with their IdP (i.e. Identity Provider).
Environment
WSS Agent is installed with custom config option samlSystemBrowser=true
SAML authentication is enabled for WSS Agent
Resolution
When user start/restart his system, WSS Agent will prompt end user to perform SAML authentication in system default browser.
To avoid multiple authentication tab opening in browser user must be aware of the following steps inorder to complete WSS Agent's SAML authentication successfully.
Important note: Following steps end user needs to complete for the very first authentication request in the system default browser for seemless experience.
Step-1: Symantec WSS Agent Requesting for SAML authentication - user will receive this pop-up if Windows app notification is enabled
At this time WSS Agent status will be "Waiting for user Authentication".
Step-2: Automatically system default browser will be launched and a new tab will opened redirecting end user to their organization's IdP(i.e. Identity Provider like Azure, Okta, PingID, etc..) portal to complete SAML authentication.
End user must enter their valid credential and complete authentication along with MFA (Multi-factor authentication) code if requested by IdP.
Note: If system browser has valid IdP session cookie then it might not ask end user to enter credential and it will automatically redirected to Authentication Succeeded page mentioned in Step-3.
Step-3: Post successful authentication with IdP user will get automatically redirected to the following page stating "Symantec Cloud Secure Web Gateway Authentication Succeeded".
Once end user will get this page that means WSS Agent's SAML authentication has been completed successfully. End user can close this tab in browser if required.
Step-4: (Verification)
WSS Agent Status will now changed to Green and it will display appropriate Username which is authenticated successfully.
Note: If you still see WSS Agent Status as Waiting for user Authentication or unauthenticated then it indicate that user have not successfully completed very first SAML authentication requested by WSS Agent in system browser and user will get multiple tab opened in browser requesting for SAML authentication. To resolve this either clear browser cache or close the browser then Click Reconnect on WSS Agent Status tab, it will then again request for SAML authentication in the system default browser and make sure to complete that specific SAML authentication request for WSS Agent in system browser.
Additional Information
Useful reference links:
Feedback
