Uploaded image for project: 'Traffic Server'
  1. Traffic Server
  2. TS-1491

Browser always prompts for authentication (NTLM)

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.2.4
    • Component/s: Core
    • Labels:
      None

      Description

      When the client surf through the ATS to a site of SharedPoint, the user get NTLM prompt message again and again.
      This is because of the reuse option that is turned on by default (u can turn it off with the proxy.config.http.share_server_sessions option).
      My attached patch turns on the private_session flag when the ATS gets auth connection, and then it will not use the reuse option for this connection.


      For further reading on this global bug in proxies:

      http://blogs.msdn.com/b/asiatech/archive/2012/03/28/ie-always-prompts-for-authentication-when-browsing-through-proxy-server.aspx

      Microsoft recommend at (http://technet.microsoft.com/en-us/library/cc995189.aspx):

      “we recommend that you use SSL encryption for the traffic between Forefront TMG and the client. NTLM authentication is per connection, and encryption prevents improper reuse of connections by legacy proxy devices on the Internet.”

        Attachments

          Activity

            People

            • Assignee:
              zwoop Leif Hedstrom
              Reporter:
              kopely Yakov Kopel
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - 1h
                1h
                Remaining:
                Remaining Estimate - 1h
                1h
                Logged:
                Time Spent - Not Specified
                Not Specified