One of our users has access to a govt website. They use biometric authentication to log in to those websites. The biometric device is connected via USB. They are using the Tunnel 1.0 forwarding method. Without Zscaler it works fine. When we turn it on we face an error. We checked the logs and they seem to be fine.
SSL inspection for the biometric side?
It could be SSL inspection, but it might also be browser configuration.
When you browse to the website without Zscaler - what Internet Zone is the site in? With Zscaler ZTunnel1.0, what Internet Zone is the site in?
Biometric SSO often takes the internet zone configuration to trigger authentication. So - without Zscaler it might be in “intranet zone” and perform SSO, but with Zscaler it’s moved to Internet zone and SSO is blocked. Add the site to the “trusted sites” zone.
If the Biometric is triggering client certificate authentication, then SSL inspection will break the mTLS authentication. Take a PCAP with/without Zscaler to see what’s happening. If, without Zscaler, you see a ServerHello response which includes a challenge for client certificates and the client selecting one in a subsequent request - then it’s an indicator that the site needs to be bypassed from Zscaler SSL inspection.
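Added example, not part of the original reply: one way to run the PCAP check described above is to walk the server-to-client TLS bytes and look for a `certificate_request` handshake message (type 13). It assumes TLS 1.2 or earlier, because TLS 1.3 encrypts that message, and that the raw server-side bytes were exported from the capture; the two sample streams and the `build_*` helpers are constructed for illustration.

```python
import struct

HANDSHAKE = 22            # TLS record content type
CERTIFICATE_REQUEST = 13  # handshake type the server sends to ask for a client cert

def handshake_types(stream: bytes) -> list:
    """Handshake message types visible in a server-to-client TLS byte stream."""
    buf, pos = b"", 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if ctype != HANDSHAKE:
            break  # ChangeCipherSpec or later: the rest is encrypted
        buf += stream[pos + 5:pos + 5 + length]  # messages may span records
        pos += 5 + length
    types, i = [], 0
    while i + 4 <= len(buf):
        mlen = int.from_bytes(buf[i + 1:i + 4], "big")
        if i + 4 + mlen > len(buf):
            break  # truncated capture
        types.append(buf[i])
        i += 4 + mlen
    return types

def requests_client_cert(stream: bytes) -> bool:
    """True if the server's cleartext flight asks for a client certificate."""
    return CERTIFICATE_REQUEST in handshake_types(stream)

# --- constructed sample data (placeholder message bodies, not a real capture) ---
def build_msg(mtype, body=b""):
    return bytes([mtype]) + len(body).to_bytes(3, "big") + body

def build_record(payload, ctype=HANDSHAKE):
    return struct.pack("!BHH", ctype, 0x0303, len(payload)) + payload

hello, cert = build_msg(2, bytes(40)), build_msg(11, bytes(60))
flight = hello + cert + build_msg(CERTIFICATE_REQUEST, bytes(10)) + build_msg(14)
DIRECT = build_record(flight[:70]) + build_record(flight[70:])  # split mid-message
INSPECTED = build_record(hello + cert + build_msg(14))          # no certificate_request

if __name__ == "__main__":
    for name, stream in (("direct", DIRECT), ("via proxy", INSPECTED)):
        print(name, handshake_types(stream), requests_client_cert(stream))
```

If the direct capture shows type 13 and the capture taken through the proxy does not, the client is never being asked for its certificate on the inspected path.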
Thanks for the response,
The reported website is hosted publicly. The user's location is Dubai. For Dubai government sites they have set biometric authentication. We tried to add the destination URL in the VPN gateway as well as in the PAC. We checked that the destination site is bypassed successfully. Biometric authentication does not happen.