Firefox Prompts for Credentials in Transparent SGOS Deployments Using SSL Interception
Article ID: 169144
Asset Management SolutionData Center Security Monitoring EditionProxySG Software - SGOS
Before applying the fix provided in this article, refer to:
KB article 000027763 to configure transparent authentication while doing SSL Interception with a Microsoft PKI
KB article 000011330 if you are using a self-signed certificate
This article was written using the following software for testing:
SGOS 220.127.116.11 and 18.104.22.168
Windows 2008 Enterprise Server SP2 PKI.
Mozilla Firefox 22.214.171.124
Mozilla Firefox prompts for authentication credentials, this message displays the virtual URL used for authentication.
If we follow the steps provided in the articles mentioned previously, we will be configuring the hostname of the ProxySG as the virtual URL used for authentication. By default, Firefox does not allow automatic NTLM authentication to sites that are not FQDN, meaning that when we are redirected to this virtual URL, it will ask for credentials before it can successfully authenticate the user, as the browser will not recognize the name as an FQDN.
Change the default behavior of automatic authentication for non-fqdn sites.
In Mozilla Firefox, enter about:config in the Address bar.
In the configuration screen, enter NTLM in the Search bar.
Right click on network.automatic-ntlm-auth.allow-non-fqdn