Force refresh (CTRL+f5) in Firefox results in authentication popup

Solution

Overview

In Firefox, a force refresh (CTRL+f5) results in an authentication pop up box, see below, even if IWA authentication has been configured.

This issue is not present if the browser in use is Internet Explorer.

From a packet capture, as soon as you send a force refresh command,  you can see that:

In Firefox:

While in Internet Explorer:

 

 

Cause
Resolution

The issue is due to the way Internet Explorer interprets the response headers sent from the web server. Internet Explorer (by design, see Microsoft article 937479), will delete the file from the local browser cache before the user can even open it, if the response headers sent from the web server contain the following headers:

  • Pragma=No Cache
  • Cache-Control=No Cache
so, authentication with Internet Explorer just works fine when a force refresh (CTRL+f5) is sent.
 
Both browser are sending NTLM credentials in the same packets (see boxes coloured in purple, in the print screen above). So the reason is a design choice of the Microsoft Corporation, not Blue Coat Technologies, Inc.
 
The Proxy cannot change this specific browser behaviour. 
 
In order to bypass this problem, you can create a new authentication rule to intercept FIREFOX User-Agent and use “Proxy-IP” authentication mode.
 
 
For a detailed explanation about authentication mode, please refer to KB2877 or, alternatively:
 
  1. Change the Firefox settings disabling the "security.enable_tls_session_tickets", in about:config: ; as described by http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries


     
  2. Insert the URIs with which to automatically authenticate via NTLM (Windows domain logon) into "network.automatic-ntlm-auth.trusted-uris" in about:config: ; as described by http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries and https://developer.mozilla.org/En/Integrated_Authentication

    Check the URI you configured into Configuration->Authentication->IWA->IWA General->Virtual URL. Default value is http://cfauth.com

     


This solution might affect general behavior for your Firefox browser, for that BlueCoat cannot be considered responsible. For more details please refer to Mozilla technical support.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4921
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat