Achieving single sign-on with the ProxySG


<< Back to Knowledge Search

Solution

Overview

Achieving single sign-on with the ProxySG
You want to achieve single sign-on

Cause
Resolution

Single sign-on requires that the following all be true....

    If users are explicitly proxied in the browser:
    1. That the user has logged into the domain
    2. That the ProxySG has been configured to use NTLM as the authentication protocol
    3. That the browser is Internet Explorer
    4. That the SG has been configured to receive requests from users on a explicit port configured to return a 407 Proxy Authorization Required response (service port attribute 'Authenticate-401' must be unchecked)

    If users are transparently being redirected in the network:
    1. That the user has logged into the domain
    2. That the ProxySG has been configured to use NTLM as the authentication protocol
    3. That the browser is Internet Explorer
    4. That the ProxySG has been configured to receive requests from users on a transparent port configured to return a 401 Authenticate response (service port attribute 'Authenticate-401' must be checked)
    5. That you have configured the ProxySG's virtual-url to be a one word hostname
    6. That the user's configured DNS is able to resolve the virtual-url

    NOTE: The reason that the virtual-url has to be a one word hostname is that in Internet Explorer one word hostnames are automatically believed to be a 'trusted' site and thus will automatically provide credentials to such a site.

    Workaround
    Additional Information
    Bug Number
    InQuira Doc IdKB1436
    Attachment

    Article Feedback

    Hide Properties
    First Published      10/01/2014
    Last Modified      10/01/2014
    Last Published      10/01/2014
    Article Audience
    Product      ProxySG
    Software      SGOS 4, SGOS 5
    Topic      Authentication
    Article Number      000007729
    Summary     
    Was this helpful?
    Comments:
     
    Previous MonthNext Month
    SunMonTueWedThuFriSat