Operational Defect Database

BugZero found this defect 916 days ago.

WatchGuard Technologies | kA16S000000SNZJSA4

Logins to websites that use OAuth2/OpenID fail with "all proposed authentication schemes denied" error

Last update date:

11/15/2021

Affected products:

Firebox M200

Firebox M300

Firebox M270

Firebox M370

Firebox M470

Firebox M570

Firebox M670

Firebox M290

Firebox M390

Firebox M400

Firebox M500

Firebox M440

Affected releases:

All

Fireware

11.x

11.1.x

11.10.x

11.10

11.10.1

11.10.2

11.10.3

11.10.4

11.10.5

11.10.6

Fixed releases:

All

Description:

Issue

When an HTTPS-proxy policy has content inspection enabled, the Firebox denies logins to websites that use OAuth2/OpenID for authentication, with the reason "all proposed authentication schemes denied".

Workaround/Solution

For locally-managed Fireboxes, in Policy Manager:

1. Identify and edit the HTTP proxy action that handled the outgoing request.
2. Select HTTP Request > Authorization.
3. Add Bearer as an allowed authentication type.

For cloud-managed Fireboxes, in WatchGuard Cloud:

1. Select Configure > Devices.
2. Select a cloud-managed Firebox.
3. Select Device Configuration.
4. In the Security Services section, click Exceptions.
5. Add a new HTTPS Decryption exception for the domain shown in the Host: section of the HTTP error page.

For more information on how to add exceptions, see WatchGuard Cloud Help.


Status

Open
