Firefox Prompts for Credentials in Transparent SGOS Deployments Using SSL Interception

book

Article ID: 169144

calendar_today

Updated On:

Products

Asset Management Solution Data Center Security Monitoring Edition ProxySG Software - SGOS

Issue/Introduction

Before applying the fix provided in this article, refer to:
  • KB article 000027763 to configure transparent authentication while doing SSL Interception with a Microsoft PKI
  • KB article 000011330 if you are using a self-signed certificate

This article was written using the following software for testing:

  • SGOS 6.5.9.9 and 6.6.4.2
  • Windows 2008 Enterprise Server SP2 PKI.
  • Mozilla Firefox 47.0.0.1
Mozilla Firefox prompts for authentication credentials, this message displays the virtual URL used for authentication.

Cause

If we follow the steps provided in the articles mentioned previously, we will be configuring the hostname of the ProxySG as the virtual URL used for authentication. By default, Firefox does not allow automatic NTLM authentication to sites that are not FQDN, meaning that when we are redirected to this virtual URL, it will ask for credentials before it can successfully authenticate the user, as the browser will not recognize the name as an FQDN.

Resolution

Change the default behavior of automatic authentication for non-fqdn sites.
  1. In Mozilla Firefox, enter about:config in the Address bar.
  2. In the configuration screen, enter NTLM in the Search bar.
  3. Right click on network.automatic-ntlm-auth.allow-non-fqdn
  4. Click Modify
Note: There is no need for a browser restart.