Browser access - CNAME change with authentication loop

Hi all - we have configured browser access for a private app. Everything works fine with the authentication flow with our IdP into the private app through the normal reverse proxy public host URL.

We have set the CNAME of a custom host to revert to the public host URL. When we go to the custom host URL, it goes into a loop where it authenticates fine then tries to resolve to the custom host (not the public host reverse proxy URL) and creates an indefinite loop (IdP → netskope SAML → IdP). We confirmed with the SAML tracer that it indeed keeps resolving to the custom host URL and not the public host URL as intended.

Anyone had the issue and hot to resolve it?

Page 1 / 1

@ChrisG,

It appears that something might be misconfigured or an incorrect behavior on the Netskope side. I’d suggest opening a case with the SAML tracer and HAR capture attached. Please DM me the case number once opened and I’m happy to take a look. We will need to validate the SAML and DNS configs.

Thank you.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded