SSL Transparent Proxy Authentication using IWA
My first URL is an HTTPS site and authentication fails
If my first URL is an HTTP site, then authentication works correctly
This document will walk you through the steps needed to setup SSL transparent proxy authentication.
The document uses the following as examples:
url.port=80 authenticate(nonSSL_Auth) authenticate.force(no) authenticate.mode(origin-cookie-redirect)
url.port=443 authenticate (SSL_Auth) authenticate.force(no) authenticate.mode(origin-cookie-redirect)
SSL AUTHENTICATION WITH BYPASSED SITES
This is the example policy that needs to be in place if you are bypassing certain sites for SSL interception and are doing SSL authentication. The key elements are in blue. This is an example that shows bypassing sites categorized with "financial services". Your specific policy may vary, but hopefully this will provide some idea of what needs to be done.
CONSIDERATIONS FOR INTERNET EXPLORER 8 (IE8) AND HIGHER
For Internet Explorer 8, please add the Virtual URL from step 3.d.ii. to Internet Explorer's 'Local intranet sites' in the browser configuration (Internet Options -> Security -> Local intranet -> Sites -> Advanced). This will prevent a pop-up from occurring for authentication credentials.