Latest Google Chrome breaks AWS Client VPN SAML Auth
I'm on Google Chrome 123.0.6312.58-1 (Ubuntu 22.04.4 amd64) that got updated to this version today. Since this version I'm not able to authenticate to AWS Client VPN with Okta SAML:
2024-03-20 19:35:15.978 +02:00 [DBG] >LOG:1710956115,,AUTH: Received control message: AUTH_FAILED,CRV1:R:instance-1/73[…]
Fellow team mates confirmed they have the same experience on latest Chrome on Linux and on Windows. Alt browsers like Firefox and MS Edge work just find and don't fail AWS Client VPN authentication.
Any hints on how to resolve?
UPD: AWS Client VPN version is 3.12.1
UPD2: Chrome on Windows
UPD3: same has been reported by someone else on Reddit — https://www.reddit.com/r/aws/comments/1bjh4he/windows_aws_vpn_client_not_working_with_latest/
- Más nuevo
- Más votos
- Más comentarios
I've received confirmation that the aws client vpn team is aware of the issue and are addressing it, ref. I've also found that this chrome update is affecting other sso clients I use. It is still possible to use chrome and work around this, while the clients address their underlying issues, disable the chrome flag (chrome://flags/) "Reduce waiting time for Private Network Access preflights response"
Thanks for the update. Some workarounds are already mentioned at https://www.reddit.com/r/aws/comments/1bjh4he/windows_aws_vpn_client_not_working_with_latest/
Are you sure about the "Reduce waiting time for Private Network Access preflights response"? I can't get how the reduced timeout could be helping to workaround HTTP vs HTTPS related issue(s)...
Contenido relevante
OFICIAL DE AWSActualizada hace 9 meses- OFICIAL DE AWSActualizada hace 10 meses
- OFICIAL DE AWSActualizada hace un año
- OFICIAL DE AWSActualizada hace 2 años
This is also happening at my org for users on both Mac and Linux, each using clients 3.9.1 and 3.12.1, respectively. Azure SAML in our case.
Best not to upgrade your browsers it seems. Safari broke for me first. Chrome worked but then I went to check the version and that point it helpfully upgraded, breaking that work around. Just wanted to chime in and add Latest macOS/Safari/VPN Client/Chrome and very broken. Using Google as our SAML/Idp with the Application ACS URL configured as "http://127.0.0.1:35001". Others have tried to change that to https with no luck.
My re:Post: https://repost.aws/questions/QUrtBrUIkeQjCWINLH-g3RDA/aws-vpn-client-login-fails-with-safari