Google Chrome prompts for credentials using NTLM in transparent IWA (Direct/BCAAA) deployment with SSL interception
book
Article ID: 169143
calendar_today
Updated On:
Products
Asset Management SolutionData Center Security Monitoring EditionProxySG Software - SGOS
Issue/Introduction
Before applying the fix provided in this article, refer to:
KB article 000027763 to configure transparent authentication while doing SSL Interception with a Microsoft PKI
KB article KB3930 if you are using a self-signed certificate
This article was written using the following software for testing:
SGOS 6.5.9.9 and 6.6.4.2
Windows 2008 Enterprise Server SP2 PKI.
Google Chrome 52.0.2743.82 m
Google Chrome prompts for authentication credentials while the address bar in the browser displays the virtual URL used for authentication.
Cause
When the name of your ProxySG appliance must be within your Trusted Sites due to your network deployment structure, the default option for User Authentication in the Trusted Sites Security Settings is set to "Automatic logon only in Intranet zone", which excludes sites located in the Trusted Sites. Thus, the browser prompts for credentials.
Resolution
Workaround
Change the User Authentication mode in the Trusted Sites Security settings.
In Internet Options, select Security > Trusted Sites > Custom level > User Authentication - Logon.
Select Automatic logon with current user name and password.