WSS Agent is used to send internet traffic into Cloud SWG.
SAML authentication is enabled against the Microsoft Entra Identity Provider.
WSS Agent devices were configured to automatically log into Office 365 accounts.
During the initial rollout, a handful of WSS Agent devices were presented with the Entra login page but the following error was rendered at the bottom of the page:
"Page load error: An SSL error has occurred and a secure connection to the server cannot be made."
The Entra IdP server domain (login.microsoftonline.com) was bypassed from WSS Agent, and the Wireshark trace confirmed that the communication was going DIRECT and that no SSL handshake errors appeared.
SEP Mobile users, running on iOS and integrated into the same Cloud SWG tenant, also failed to authenticate.
SEP Mobile.
WSS Agent.
SAML Redirect binding.
Microsoft Entra SAML Identity Provider.
The user agent was unable to handle the SAML request/responses sent with the HTTP header.
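With the Redirect binding the SAML message is deflated, base64-encoded and carried in the URL of an HTTP redirect, while the POST binding carries it base64-encoded in a form body. The following added example (not part of the original article or of any vendor tooling) encodes a constructed AuthnRequest both ways and identifies the binding of a captured value; the URLs, IDs and function names are hypothetical.

```python
import base64
import zlib
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed sample AuthnRequest; issuer, ID and ACS URL are placeholders.
SAMPLE_AUTHN_REQUEST = (
    '<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    'ID="_example1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z" '
    'AssertionConsumerServiceURL="https://sp.example.test/acs">'
    '<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">'
    'https://sp.example.test/metadata</saml:Issuer></samlp:AuthnRequest>'
)


def encode_redirect(xml, idp_url):
    """HTTP-Redirect binding: raw DEFLATE, base64, URL-encoded into the query string."""
    comp = zlib.compressobj(wbits=-15)  # negative wbits = raw DEFLATE, no zlib header
    deflated = comp.compress(xml.encode()) + comp.flush()
    return idp_url + "?" + urlencode({"SAMLRequest": base64.b64encode(deflated).decode()})


def encode_post(xml):
    """HTTP-POST binding: base64 only, carried as a form field in the request body."""
    return urlencode({"SAMLRequest": base64.b64encode(xml.encode()).decode()})


def decode_captured(value):
    """Return (binding, xml) for a captured redirect URL or POST form body."""
    query = urlsplit(value).query if "://" in value else value
    params = parse_qs(query)
    field = "SAMLRequest" if "SAMLRequest" in params else "SAMLResponse"
    raw = base64.b64decode(params[field][0])
    # Heuristic: POST-binding payloads are plain XML and start with '<';
    # Redirect-binding payloads are raw DEFLATE and must be inflated first.
    if raw.startswith(b"<"):
        return "post", raw.decode()
    return "redirect", zlib.decompress(raw, wbits=-15).decode()


if __name__ == "__main__":
    url = encode_redirect(SAMPLE_AUTHN_REQUEST, "https://idp.example.test/saml2")
    body = encode_post(SAMPLE_AUTHN_REQUEST)
    print("redirect URL length:", len(url))
    print("POST body length:   ", len(body))
    print(decode_captured(url)[0], decode_captured(body)[0])
```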
From the Cloud SWG SAML configuration screen, change the SAML auth binding from Redirect to POST.