b/328541430 Document resolution for HSTS sign-in issues (#1316)

Ref #1313
GoogleCloudPlatform · Mar 7, 2024 · 3be77f1 · 3be77f1
1 parent 1394c5f
commit 3be77f1
Showing 1 changed file with 34 additions and 1 deletion.
diff --git a/doc/site/sources/docs/troubleshooting-signin.md b/doc/site/sources/docs/troubleshooting-signin.md
@@ -59,4 +59,37 @@ As a Cloud Identity or Workspace administrator, you can fix this error by allow-
     !!!Note
         IAP Desktop doesn't use any [restricted API scopes :octicons-link-external-16:](https://support.google.com/cloud/answer/13464325).
 
-1.  On the **Review** page, confiirm your choice of settings and click **Finish**.
+1.  On the **Review** page, confiirm your choice of settings and click **Finish**.
+
+
+
+## :material-message-alert:  "This site can't provide a secure connection" 
+
+**Symptom**: After completing the Google sign-in process, Chrome shows an error page:
+
+<blockquote>
+    This site can't provide a secure connection
+    <br>
+    localhost sent an invalid response
+    <br><br>
+    Try running Windows Network diagnostics.
+    <br><br>
+    SSL_PROTOCOL_ERROR
+</blockquote>
+
+This error indicates an [HTTP Strict Transport Security (HSTS) :octicons-link-external-16:](https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) issue.
+
+You might have previously ran a web server on your local computer that instructed Chrome 
+to only accept HTTPS connections from `localhost` by setting an `Strict-Transport-Security` 
+header. This setting now prevents Chrome from passing the sign-in result back to IAP Desktop
+over HTTP.
+
+You can fix this error by doing the following:
+
+1.   In Chrome, navigate to `chrome://net-internals/#hsts`
+1.   Under **Delete domain security policies**, enter `localhost` and click **Delete**.
+
+Now try signing in again:
+
+1.   On the IAP Desktop sign-in screen, click **Cancel sign-in**.
+1.   Click **Sign-in** to start a new sign-in attempt.