After upgrading to 5.3.2.1, web sites that require authentication no longer work

Solution

Overview

After upgrading to 5.3.2.1, web sites that require authentication no longer work

Cause
Resolution

Symptoms :

Two things need to happen for this issue to occur :

1. The OCS (web server) needs to require authentication
2. The request matches a rule on the ProxySG that bypasses authentication, either in the visual policy manager, or the local policy file


Problem :

The behavior of the standard "Do not authenticate" action was changed, it will not pass credentials over to the OCS like it used to. That causes the proxy to forward the request without the username/password entered by the user.


Solution :

The fix for this is to change the action on the policy rule(s).

For VPM rules, open the visual policy manager and go through the different layers and look for rules with an action called "Do not authenticate". Right-click on the action object, click "Set...", and choose "Do not authenticate (Forward Credentials)

If you use a local or central policy file, edit those files and replace the standard action "authenticate(no)" with the new one which is "authenticate(no, upstream_authentication)".


With the modifications in place, the proxy will forward the credentials over to the OCS and the authentication problem should be resolved.

Please refer to the Configuration and Management Guide if you need assistance modifying your VPM or local policy.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB1008
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat