Google Chrome prompts for credentials using NTLM in transparent IWA (Direct/BCAAA) deployment with SSL interception

Article Id: 169143
Status: Published
Updated On: 13-05-2017 12:22
Legacy Id: TECH245972
Products:
Asset Management Solution , Data Center Security Monitoring Edition , ProxySG Software - SGOS
Issue/Introduction:

Before applying the fix provided in this article, refer to:

  • KB article 000027763 to configure transparent authentication while doing SSL Interception with a Microsoft PKI
  • KB article KB3930 if you are using a self-signed certificate

This article was written using the following software for testing:

  • SGOS 6.5.9.9 and 6.6.4.2
  • Windows 2008 Enterprise Server SP2 PKI.
  • Google Chrome 52.0.2743.82 m​

Google Chrome prompts for authentication credentials while the address bar in the browser displays the virtual URL used for authentication.

    Cause:

    When the name of your ProxySG appliance must be within your Trusted Sites due to your network deployment structure, the default option for User Authentication in the Trusted Sites Security Settings is set to "Automatic logon only in Intranet zone", which excludes sites located in the Trusted Sites. Thus, the browser prompts for credentials.

    Resolution:

    Workaround

    Change the User Authentication mode in the Trusted Sites Security settings.

    1. In Internet Options, select Security > Trusted Sites > Custom level > User Authentication - Logon.
    2. Select Automatic logon with current user name and password.
    3. Save the changes.