FortiGate
saleha
Staff
Article Id 320319
Description

This article describes how to resolve the behavior seen when a device that is already connected over a wired connection attempts to connect to WiFi with SAML authentication. See Technical Tip: Wireless Authentication using SAML Credentials and Azure as IdP for an example of how to configure wireless authentication with SAML.

Scope

FortiGate.

Solution

When a portable device such as a laptop is already connected to a wired network and attempts to connect to a wireless network, the SAML authentication request will not come through, because by default the wired connection is the preferred route over the wireless one. A wired network is always considered more reliable.


The result is that the Wi-Fi association itself, such as the Wi-Fi Protected Access (WPA) 4-way handshake, completes as expected. The SAML request, however, is sent over the wrong route (the wired link). If the IdP already has an answer cached from a previous successful attempt, MFA is effectively bypassed; if nothing is cached, the authentication fails. This applies to SAML IdPs such as Azure Entra, Okta, FortiAuthenticator, and other vendors.


One option is to change the network adapter settings locally on the connecting device to prefer Wi-Fi over Ethernet. However, this leads to other issues: the device will then prefer the WiFi connection over the wired connection even when the wireless link is intermittent or unreliable for any reason.


The other option is simply to disconnect the wired connection until the WiFi authentication completes, or to avoid using the wired connection at all if only the WiFi connection is required.
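The following Windows PowerShell script is an added example, not part of the Fortinet article, showing how to verify the behavior described above on the client and how to apply either of the two workarounds. It assumes the adapters are named 'Ethernet' and 'Wi-Fi' (check with Get-NetAdapter) and uses a placeholder hostname for the SAML IdP; the Set-* and Disable-/Enable-NetAdapter calls need an elevated session.

```powershell
# Added example (not from the Fortinet article). Assumptions: adapter aliases
# 'Ethernet' and 'Wi-Fi', and a placeholder IdP hostname. The Get-* functions
# are read-only; the Set-* / Disable-* functions change client networking.

# Placeholder for the SAML IdP (Azure Entra, Okta, FortiAuthenticator, ...).
$IdpHost = 'login.idp.example'

function Get-ConnectedInterfaceMetric {
    # Lower InterfaceMetric wins. Windows auto-assigns wired adapters a lower
    # metric than wireless ones, which is why the SAML request takes the wired path.
    Get-NetIPInterface -AddressFamily IPv4 |
        Where-Object { $_.ConnectionState -eq 'Connected' } |
        Sort-Object InterfaceMetric |
        Select-Object InterfaceAlias, ifIndex, InterfaceMetric, AutomaticMetric
}

function Get-IdpEgressInterface {
    param([string]$HostName = $IdpHost)
    # Resolve the IdP and ask the stack which interface it would actually use.
    $ip = Resolve-DnsName -Name $HostName -Type A -ErrorAction Stop |
          Where-Object { $_.Type -eq 'A' } | Select-Object -First 1 -ExpandProperty IPAddress
    # Find-NetRoute returns the selected source address and route; both carry
    # the chosen InterfaceAlias, so the first object is enough.
    $sel = Find-NetRoute -RemoteIPAddress $ip | Select-Object -First 1
    [pscustomobject]@{
        IdpHost        = $HostName
        IdpAddress     = $ip
        EgressInterface = $sel.InterfaceAlias
    }
}

function Set-WifiPreferred {
    # Workaround 1 from the article: prefer Wi-Fi over Ethernet by metric.
    # Setting an explicit metric disables AutomaticMetric on that interface.
    # Caveat (as the article notes): Wi-Fi then stays preferred even when the
    # wireless link is intermittent, so revert with Restore-AutomaticMetric.
    Set-NetIPInterface -InterfaceAlias 'Wi-Fi'    -AddressFamily IPv4 -InterfaceMetric 10
    Set-NetIPInterface -InterfaceAlias 'Ethernet' -AddressFamily IPv4 -InterfaceMetric 20
}

function Restore-AutomaticMetric {
    # Put both adapters back on Windows' automatic metric assignment.
    Set-NetIPInterface -InterfaceAlias 'Wi-Fi', 'Ethernet' -AddressFamily IPv4 -AutomaticMetric Enabled
}

function Suspend-WiredLink {
    param([int]$Seconds = 90)
    # Workaround 2 from the article: take the wired link down long enough for
    # the WiFi SAML authentication to finish, then bring it back.
    Disable-NetAdapter -Name 'Ethernet' -Confirm:$false
    try {
        Write-Host "Ethernet disabled for $Seconds s; complete the WiFi SAML login now."
        Start-Sleep -Seconds $Seconds
    } finally {
        Enable-NetAdapter -Name 'Ethernet' -Confirm:$false
    }
}

# Diagnostic run (read-only):
Get-ConnectedInterfaceMetric | Format-Table -AutoSize
Get-IdpEgressInterface | Format-List
```

Run the two Get-* functions first: if the egress interface reported for the IdP is 'Ethernet' while the client is mid-way through the WiFi login, the symptom in this article applies. Apply Set-WifiPreferred only for the duration of the login and revert with Restore-AutomaticMetric, since a permanently lower Wi-Fi metric carries the reliability drawback described above.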
