AWS VPN Client Login Fails with Safari

The final step, after bouncing around to login, where the browser redirects to https://127.0.0.1:35001, completes auth, and says you can close the window, failed. Out of nowhere this week myself and others started receiving the error:

Safari Can’t Open the Page Safari can’t open the page “https://127.0.0.1:35001” because Safari can’t establish a secure connection to the server “127.0.0.1”.

I don't remember exactly what it did before, but it seems like Safari is trying to force HTTPS for what otherwise should be an HTTP endpoint? At least that's what's configured in our VPN app within AWS.

Things work fine if Chrome is the default browser and it seems to stick with HTTP there.

Any ideas? Thanks!

rePost-User-2914882
a month ago
The Application ACS URL is configured as "http://127.0.0.1:35001" in the AWS Identity Center application config, but Safari seems to try to upgrade to https which fails.
mrc-3550
a month ago
This has broken recently for us. We're having the same issue with 40+ users on MacOS Ventura and Sonoma. It appears to have something to do with forced HTTP Strict Transport Security (HSTS) and there is no way to prevent 'localhost' or '127.0.0.1' from being redirected to https. Firefox as default browser is our only current solution.
rePost-User-2914882
a month ago
Yeah. It seems there used to be a way to clear HTST for 127.0.0.1 or localhost but that was years ago. Seems to be nothing recent. Chrome users are having a similar issue but that may be coincidental (or an additional issue) where the SAML workflow is not handled properly. From another thread on Reddit it seems AWS is aware of these issues though but I've seen nothing in Health or any notices. Frustrating!

Topics

Networking & Content Delivery

Relevant content

How to redirect after after login using amplify?
MD AMIR SOHAIL
asked 7 months ago
AWS VPN Client not opening browser window for federated auth
Accepted Answer
Dan
asked 8 months ago
Safari Browser does not store ApiGateway + S3 app login cookie because this architecture leads to SameSite: None attribute
Fred
asked a year ago
Federated login fails after first login
nickwright321
asked a year ago
Where can I find SSH login credentials so that I can connect to my Lightsail instance from an SSH client?
AWS OFFICIALUpdated 2 years ago
How can I configure multiple users to use the same Client VPN endpoint?
AWS OFFICIALUpdated 2 years ago
How do I use the AWS CLI to configure a Client VPN?
AWS OFFICIALUpdated 5 months ago
How can I replace the certificates for my AWS Client VPN to resolve a TLS handshake error?
AWS OFFICIALUpdated 10 months ago
EMR Cluster failure with "Failed to start the job flow due to an internal error"
SUPPORT ENGINEER
Yokesh NK
published 9 days ago
Use AWS Client VPN to access workloads running on VMware Cloud on AWS
EXPERT
Sawab Ahmed
published 6 months ago