Unable to play video streaming via Web Gateway Cloud Service with SAML Authentication enabled
Technical Articles ID:
KB94981
Last Modified: 10/28/2021
Environment
McAfee Web Gateway Cloud Service configured to use SAML authentication
Problem
When you’re routing traffic through McAfee Web Gateway Cloud Service and enable the SAML Authentication feature, if you try to watch a streamed video, you see an error similar to the following:
<Error Message>
Refused to connect to 'https://saml.saasprotection.com/mwg-internal/de5fs23hu73ds/plugin?target=Auth&reason=Auth&setCookie=
true&cookiePrefix=MWG_Auth&cookieSize=16384&ttl=57600&Persistent=yes&ip=yes&url=aHR0cHM6Ly8xNTF2b2QtYWRhcHRpdmUuYWthbWFpemVkLm5ldC9leHA9MTYxOTUyNzIxN35hY2w9LzE4NTQzNTk1MC8qfmhtYWM9M2U5N2E
wMmQwYzc4MTRmNTFlNTJhYjc2NGI0NzdhNzlkYjllYzUzMjE0MmFkNDBjNjVmNmVmMTExYTAzZThlZC8xODU0MzU5NTAvc2VwL3ZpZGVvLzYxMjAwNDAz
OCw2MTIwMDQwNDIsNjEyMDA0MDQxL21hc3Rlci5qc29uP2Jhc2U2NF9pbml0PTE%3D&rnd=1619523325'
CORS policy on the page forbids connection to saml.saasprotection.com by setting a list of allowed domains. Web Gateway then fails to authenticate the user.
Cookie authentication needs to redirect to saml.saasprotection.com to set a cookie, but the redirect fails due to CORS policy. Loading the video fails and you see the error.
Solution
This issue is a current product limitation.
Workaround
Use a different authentication method, such as McAfee Client Proxy.
