Skip to main content
Solved

Browser access - CNAME change with authentication loop

  • April 7, 2025
  • 1 reply
  • 85 views
C

Hi all - we have configured browser access for a private app. Everything works fine with the authentication flow with our IdP into the private app through the normal reverse proxy public host URL.

 

We have set the CNAME of a custom host to revert to the public host URL. When we go to the custom host URL, it goes into a loop where it authenticates fine then tries to resolve to the custom host (not the public host reverse proxy URL) and creates an indefinite loop (IdP → netskope SAML → IdP). We confirmed with the SAML tracer that it indeed keeps resolving to the custom host URL and not the public host URL as intended.

 

Anyone had the issue and hot to resolve it?

Best answer by sshiflett

@ChrisG

It appears that something might be misconfigured or an incorrect behavior on the Netskope side.  I’d suggest opening a case with the SAML tracer and HAR capture attached.  Please DM me the case number once opened and I’m happy to take a look.   We will need to validate the SAML and DNS configs. 

Thank you. 

    Rohit_Bhaskar
    This topic has been closed for replies.

    1 reply

    S
    Netskope Employee
    Forum|alt.badge.img+16
    • sshiflett
    • Netskope Employee
    • Answer
    • April 10, 2025

    @ChrisG

    It appears that something might be misconfigured or an incorrect behavior on the Netskope side.  I’d suggest opening a case with the SAML tracer and HAR capture attached.  Please DM me the case number once opened and I’m happy to take a look.   We will need to validate the SAML and DNS configs. 

    Thank you. 

    Sam Shiflett | Netskope Solution Architect - North America
    Rohit_Bhaskar

    Badges Winner

    Show all badges

    Not finding what you're looking for?

    Don't be shy and let us know about your challenge.

    Ask your question here!
    Terms & ConditionsCookie settingsAccessibility statement