/
Windows - SSO not working, Unable to connect

Windows - SSO not working, Unable to connect

Owned by Matt Mcclaskey, created
Jan 28, 2025
4 min read

 Problem

When a user attempts to connect to a Windows Workspace where SSO is configured, SSO does not work resulting in one of two outcomes depending on Windows GPO or Local Policy settings.

  1. The user gets a blue screen with a message “Unable to connect. Please contact an administrator.”

  2. The user gets a Windows login screen and has to enter their credentials.

One cause of SSO not working in versions 1.16.1 and below, is a required SSO cookie not making its way from the user to the server. To verify if this is the case, go the Admin UI and go to Diagnostics->Logging and filter the Level to Warning. You may further filter the logs by hitting the More Filters… button and typing “cookie” in the Search Message field. If you see the following log entries for the effected user, you have confirmed this is the issue.

Client user_1@kasmweb.local guac_auth connection set to use SSO but no client key cookie present.

 Solution

The first step is to confirm whether or not the client has the cookie. To do this, have the user open up DevTools in their Browser and navigating to the Application tab. On the left hand pane, expand Cookies under Storage and select the site. Validate that the kasm_client_key cookie is present.

image-20250128-173137.png

In most cases, simply having the user log out and back in will resolve the issue. If having the user log out and back in does not resolve the issue or you need to get the the bottom of why this issue occurs, the following may be helpful.

Potential End-User Causes for Missing Cookies

1. Browser Settings

  • Explanation: Modern browsers provide settings to block cookies entirely, block third-party cookies, or restrict cookie functionality.

  • Fix: Check your browser settings:

    • Ensure cookies are enabled.

    • Allow cookies for the specific website in question.

    • Disable any "Block third-party cookies" setting if necessary for the application.

2. Browser Extensions or Add-ons

  • Explanation: Privacy-focused extensions, such as ad blockers or cookie managers, can block or delete cookies.

  • Fix: Temporarily disable browser extensions and refresh the page. If the issue resolves, identify the specific extension and adjust its settings to allow cookies for the application.

3. Private or Incognito Mode

  • Explanation: Browsers often block cookies or delete them at the end of a session when operating in private or incognito mode.

  • Fix: Switch to a normal browsing mode and test if cookies work correctly.

4. Incorrect System Time and Date

  • Explanation: Cookies rely on system time for expiration and validation. An incorrect system clock can cause cookies to be rejected.

  • Fix: Verify that your computer’s date and time are correct. Sync the system clock with an internet time server if needed.

5. Firewall or Antivirus Software

  • Explanation: Overly aggressive firewall or antivirus settings can interfere with cookies by blocking them or altering HTTP headers.

  • Fix: Temporarily disable the firewall or antivirus software to see if it resolves the issue. If so, update the settings to whitelist the web application.

6. Network-Level Restrictions

  • Explanation: Some corporate networks, public Wi-Fi, or parental control systems can block or filter cookies.

  • Fix: Test the application on a different network (e.g., mobile hotspot) to identify if the issue is network-related. Contact your network administrator if using a managed network.

7. Outdated Browser Version

  • Explanation: Older browser versions might not fully support modern cookie attributes like SameSite or secure cookies.

  • Fix: Update your browser to the latest version to ensure compatibility with modern cookie handling.

8. Cache and Cookie Corruption

  • Explanation: Corrupted cookies or browser cache can prevent proper functionality.

  • Fix: Clear your browser’s cache and cookies. Restart the browser and try accessing the application again.

9. Multiple Browser Profiles or Accounts

  • Explanation: Using multiple browser profiles or accounts can cause conflicts if cookies are stored separately for each profile.

  • Fix: Ensure you are using the correct browser profile and account for accessing the web application.

10. Operating System Policies

  • Explanation: Some operating systems or user accounts have group policies or parental controls that restrict cookie usage.

  • Fix: Check your system’s settings or consult with your IT administrator to ensure cookies are not restricted.

General Troubleshooting Steps for End-Users

  1. Test on a Different Browser: Use another browser to check if the issue persists.

  2. Check for Software Updates: Ensure your browser, operating system, and any extensions are up to date.

  3. Try a Different Device: Test the application on a different computer or mobile device to isolate the problem.

  4. Monitor Network Behavior: Temporarily switch to a different network to identify if the issue is network-related.

  5. Review System Logs: If you have access, review browser or system logs for errors related to cookie handling.

Conclusion

If you are experiencing issues with missing cookies in web application requests, the problem might be related to your local environment. By systematically addressing the potential causes outlined above, you can resolve the issue and restore proper functionality. If the problem persists, contact the Kasm Support team.

Impacted Versions:

Issues were first observed on the following versions, but may impact other versions as well.

  • <=1.16.1

Resolved Versions:

The issue is no longer applicable for the following and newer versions.

  • >=1.17.0

Related Docs:

 

Related content