HTTP header "Proxy-support : Session-based-authentication"


Article ID: 166549


Updated On:


ProxySG Software - SGOS


HTTP header "Proxy-support : Session-based-authentication"
You want information on the header "Proxy-support : Session-based-authentication"


This header was introduced in SGOS 3.2 to allow Internet Explorer to distinguish between an authentication challenge originating from a proxy or originating from a server. Normally, when Internet Explorer receives a 401 Authenticate NTLM challenge when an explicit proxy has been configured it will not issue a pop-up authentication request. The NTLM connection is designed to exist without an intermediary device like a proxy. If the browser detected proxy settings it would not allow the NTLM session to take place and suppress the pop-up. To workaround this problem Blue Coat developed a feature called 'Force NTLM on IE' which would send a 407 Proxy Authentication Required response to the client in order to obtain the credentials instead of a 401 Authenticate.

In SGOS 4, the 'Force NTLM on IE' feature is no longer necessary as we are instead returning the header "Proxy-support: Session-based-authentication". When Internet Explorer sees this header it will not suppress the pop-up when the 401 Authenticate is received.

Likewise if you have 'Force NTLM on IE' enabled as well as NTLM Proxy Authentication enabled, this new header makes it clear to the browser whether the challenge is for proxy authentication credentials or server credentials.