
Force refresh (CTRL+f5) in Firefox results in authentication popup

Solutions ID:    KB4921
Version:    4.0
Status:    Published
Published date:    02/13/2012
Updated:    03/27/2012
 

Problem Description

In Firefox, a force refresh (CTRL+F5) results in an authentication pop-up box (see below), even if IWA authentication has been configured.

 

This issue is not present if the browser in use is Internet Explorer.

From a packet capture, as soon as you send a force refresh command,  you can see that:

in Firefox:

while in Internet Explorer:

Resolution

The issue is due to the way Internet Explorer interprets the response headers sent from the web server. By design (see Microsoft article 937479 at http://support.microsoft.com/kb/937479), Internet Explorer deletes the file from the local browser cache before the user can even open it if the response sent from the web server contains the following headers:

  • Pragma=No Cache
  • Cache-Control=No Cache

As a result, authentication with Internet Explorer works fine when a force refresh (CTRL+F5) is sent.

Both browsers send NTLM credentials in the same packets (see the boxes coloured in purple in the print screen above).
So the reason is a design choice of the Microsoft Corporation, not Blue Coat Technologies, Inc.

The Proxy cannot change this specific browser behaviour.

To work around this problem, you can create a new authentication rule that matches the Firefox User-Agent and uses the “Proxy-IP” authentication mode.

For a detailed explanation about authentication mode, please refer to KB2877.

or, alternatively,

1. Change the Firefox settings by disabling "security.enable_tls_session_tickets" in about:config, as described at http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries

2. Insert the URIs with which to automatically authenticate via NTLM (Windows domain logon) into "network.automatic-ntlm-auth.trusted-uris" in about:config, as described at http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries and https://developer.mozilla.org/En/Integrated_Authentication

Check the URI you configured under Configuration->Authentication->IWA->IWA General->Virtual URL. The default value is http://cfauth.com
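To confirm that a Firefox profile actually carries both about:config changes from steps 1 and 2, and to see exactly which hosts Firefox will answer with NTLM automatically, the profile's prefs.js can be checked with a short script. This is an added example, not code from Blue Coat or Mozilla; the function names and the sample preferences are constructed, and the host matching is a simplified approximation of Firefox's own rules.

```python
import re
from urllib.parse import urlsplit

# Matches one line of a Firefox prefs.js / user.js file.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*(.+?)\s*\)\s*;\s*$')
NTLM_PREF = "network.automatic-ntlm-auth.trusted-uris"
TICKET_PREF = "security.enable_tls_session_tickets"

# Constructed sample profile content, not taken from a real machine.
SAMPLE_PREFS = '''
user_pref("network.automatic-ntlm-auth.trusted-uris", "http://cfauth.com, intranet.example");
user_pref("security.enable_tls_session_tickets", false);
'''

def parse_prefs(text):
    """Return {name: value} for every user_pref(...) line in the text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            # Booleans become bool; strings and numbers are kept as text.
            prefs[name] = (raw == "true") if raw in ("true", "false") else raw.strip('"')
    return prefs

def entry_covers(entry, url):
    """Approximation (assumption): host or parent-domain match, optional scheme."""
    target = urlsplit(url)
    scheme, sep, rest = entry.strip().lower().partition("://")
    if not sep:
        scheme, rest = "", scheme
    host = rest.split("/", 1)[0].split(":", 1)[0].lstrip(".")
    if not host or (scheme and scheme != target.scheme):
        return False
    name = (target.hostname or "").lower()
    return name == host or name.endswith("." + host)

def audit(prefs_text, virtual_url):
    """Report whether a profile carries both settings from the steps above."""
    prefs = parse_prefs(prefs_text)
    entries = [e.strip() for e in str(prefs.get(NTLM_PREF, "")).split(",") if e.strip()]
    return {
        "trusted_entries": entries,
        "virtual_url_trusted": any(entry_covers(e, virtual_url) for e in entries),
        "session_tickets_disabled": prefs.get(TICKET_PREF) is False,
    }

if __name__ == "__main__":
    print(audit(SAMPLE_PREFS, "http://cfauth.com"))
```

Pass the Virtual URL configured on the proxy as the second argument. Reviewing `trusted_entries` keeps the list limited to the hosts that are meant to receive automatic NTLM authentication.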

 

This solution might affect the general behavior of your Firefox browser, for which Blue Coat cannot be held responsible. For more details, please refer to Mozilla technical support.

 

 

 

