HTTP header "Proxy-support : Session-based-authentication"


<< Back to Knowledge Search

Solution

Overview

HTTP header "Proxy-support : Session-based-authentication"
You want information on the header "Proxy-support : Session-based-authentication"

Cause
Resolution

This header was introduced in SGOS 3.2 to allow Internet Explorer to distinguish between an authentication challenge originating from a proxy or originating from a server. Normally, when Internet Explorer receives a 401 Authenticate NTLM challenge when an explicit proxy has been configured it will not issue a pop-up authentication request. The NTLM connection is designed to exist without an intermediary device like a proxy. If the browser detected proxy settings it would not allow the NTLM session to take place and suppress the pop-up. To workaround this problem Blue Coat developed a feature called 'Force NTLM on IE' which would send a 407 Proxy Authentication Required response to the client in order to obtain the credentials instead of a 401 Authenticate.

In SGOS 4, the 'Force NTLM on IE' feature is no longer necessary as we are instead returning the header "Proxy-support: Session-based-authentication". When Internet Explorer sees this header it will not suppress the pop-up when the 401 Authenticate is received.

Likewise if you have 'Force NTLM on IE' enabled as well as NTLM Proxy Authentication enabled, this new header makes it clear to the browser whether the challenge is for proxy authentication credentials or server credentials.

Workaround
Additional Information
Bug Number
InQuira Doc IdKB1420
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      SGOS 4, SGOS 5
Topic      Authentication, Configuration / WUI / CLI, Networking, Policy Management
Article Number      000011566
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat