Google Chrome prompts for credentials using NTLM in transparent IWA (Direct/BCAAA) deployment with SSL interception

book

Article ID: 169143

calendar_today

Updated On:

Products

Asset Management Solution Data Center Security Monitoring Edition ProxySG Software - SGOS

Issue/Introduction

Before applying the fix provided in this article, refer to:

  • KB article 000027763 to configure transparent authentication while doing SSL Interception with a Microsoft PKI
  • KB article KB3930 if you are using a self-signed certificate

This article was written using the following software for testing:

  • SGOS 6.5.9.9 and 6.6.4.2
  • Windows 2008 Enterprise Server SP2 PKI.
  • Google Chrome 52.0.2743.82 m​

Google Chrome prompts for authentication credentials while the address bar in the browser displays the virtual URL used for authentication.

    Cause

    When the name of your ProxySG appliance must be within your Trusted Sites due to your network deployment structure, the default option for User Authentication in the Trusted Sites Security Settings is set to "Automatic logon only in Intranet zone", which excludes sites located in the Trusted Sites. Thus, the browser prompts for credentials.

    Resolution

    Workaround

    Change the User Authentication mode in the Trusted Sites Security settings.

    1. In Internet Options, select Security > Trusted Sites > Custom level > User Authentication - Logon.
    2. Select Automatic logon with current user name and password.
    3. Save the changes.