HTTP header "Proxy-support : Session-based-authentication"

Solutions ID:    KB1420
Version:    2.0
Status:    Published
Published date:    03/02/2009
Updated:    04/22/2009

Problem Description

HTTP header "Proxy-support : Session-based-authentication"
You want information on the header "Proxy-support : Session-based-authentication"


This header was introduced in SGOS 3.2 to allow Internet Explorer to distinguish between an authentication challenge originating from a proxy or originating from a server. Normally, when Internet Explorer receives a 401 Authenticate NTLM challenge when an explicit proxy has been configured it will not issue a pop-up authentication request. The NTLM connection is designed to exist without an intermediary device like a proxy. If the browser detected proxy settings it would not allow the NTLM session to take place and suppress the pop-up. To workaround this problem Blue Coat developed a feature called 'Force NTLM on IE' which would send a 407 Proxy Authentication Required response to the client in order to obtain the credentials instead of a 401 Authenticate.

In SGOS 4, the 'Force NTLM on IE' feature is no longer necessary as we are instead returning the header "Proxy-support: Session-based-authentication". When Internet Explorer sees this header it will not suppress the pop-up when the 401 Authenticate is received.

Likewise if you have 'Force NTLM on IE' enabled as well as NTLM Proxy Authentication enabled, this new header makes it clear to the browser whether the challenge is for proxy authentication credentials or server credentials.

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question