My company has deployed an SSO solution using Duende Identity Server and Okta
We are using a proxy as the middleman between Identity Server and Okta:
https://apacwelcome.saas.mrisoftware.com
99% of customers have no issues connecting to the proxy, however we have had a few who are getting either err_tunnel_connection_failed
or err_connection_timed_out
.
We have got the users to try everything we have found on Google, but nothing works. eg Incognito mode, different browser, reset computer, use a different computer, and these commands:
ipconfig /flushdns
ipconfig /release
ipconfig /renew
netsh int ip set dns
netsh winsock reset
This only happens when they're on their office wifi. If they switch to their cell phone hotspot, use their home wifi, or a VPN, it works fine.
They have confirmed with their IT department that the URLs are not being blocked.
Here you can see the 502 returned:
However, once the company's VPN is used, it works fine:
We have had users also report that it was originally working, and then one day it stopped and they consistently get err_connection_timed_out
from now on.
Does anyone know why this is happening to some users?
Can there be some settings in office wifi setups that would prevent that site from being reached?
The IT department is sure there is nothing set up on the network to block that URL.