Users are seeing this error when connecting to HTTPS sites using CONNECT and Origin-Style Redirection or form redirect modes in explicit proxy.
"Cannot use form authentication for CONNECT method (explicit proxy of https URL)"
This error occurs when authentication is done via a form redirect mode, and a workstation send a 'Connect' request to the proxy.
A connect request is how a browser, that is explicitly configured to use a proxy, asks to open secure connection on a port that isn't 80.
For example, typing in https://www.verisign.com in a browser would generate a request that looks like this :
By standard, it is not possible to redirect a 'Connect' request as this is a tunneled connection. Since this traffic is not being decrypted the proxy cannot access whatever is inside that tunnel, to send a redirect and point the browser to the authentication form.
NOTE: This is not a product limitation. Browsers, by design, do not follow redirects when the HTTP method used was 'Connect' for security reasons.
There are two possible solutions in order to resolve this issue:
allow http.method=CONNECT authenticate.mode(proxy) authenticate(ldap)
allow authenticate(cert) authenticate.mode(origin-cookie-redirect)