Solutions

Achieving single sign-on with the ProxySG

Solutions ID:    KB1436
Version:    2.0
Status:    Published
Published date:    03/02/2009
Updated:    04/22/2009
 

Problem Description

Achieving single sign-on with the ProxySG
You want to achieve single sign-on

Resolution

Single sign-on requires that the following all be true....

    If users are explicitly proxied in the browser:
    1. That the user has logged into the domain
    2. That the ProxySG has been configured to use NTLM as the authentication protocol
    3. That the browser is Internet Explorer
    4. That the SG has been configured to receive requests from users on a explicit port configured to return a 407 Proxy Authorization Required response (service port attribute 'Authenticate-401' must be unchecked)

    If users are transparently being redirected in the network:
    1. That the user has logged into the domain
    2. That the ProxySG has been configured to use NTLM as the authentication protocol
    3. That the browser is Internet Explorer
    4. That the ProxySG has been configured to receive requests from users on a transparent port configured to return a 401 Authenticate response (service port attribute 'Authenticate-401' must be checked)
    5. That you have configured the ProxySG's virtual-url to be a one word hostname
    6. That the user's configured DNS is able to resolve the virtual-url

NOTE: The reason that the virtual-url has to be a one word hostname is that in Internet Explorer one word hostnames are automatically believed to be a 'trusted' site and thus will automatically provide credentials to such a site.


Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question