OAuth and OAuth2 authentication fails while going through the ProxySG

book

Article ID: 171815

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

The purpose of this article is to provide an explanation to the behavior that occurs when using OAuth and OAuth2 while the proxy is intercepting those requests.

 

The site returns a 401 (or similar) response saying that the credentials are empty or invalid.

Cause

By default, the proxy strips the Authorization header within HTTPS connections to avoid leaking any user and password details.

Resolution

In order to send the Authorization header upstream regardless, authentication must be done in the destination server and not in the ProxySG, otherwise the header will be stripped from the request. This can be achieved by installing the following CPL code for the particular site:

<proxy>

url.domain=site.com authenticate(no, upstream_authentication)