Force refresh (CTRL+f5) in Firefox results in authentication popup
In Firefox, a force refresh (CTRL+f5) results in an authentication pop up box, see below, even if IWA authentication has been configured.
This issue is not present if the browser in use is Internet Explorer.
From a packet capture, as soon as you send a force refresh command, you can see that:
while in Internet Explorer:
The issue is due to the way Internet Explorer interprets the response headers sent from the web server. Internet Explorer (by design, see Microsoft article 937479 at http://support.microsoft.com/kb/937479), will delete the file from the local browser cache before the user can even open it, if the response headers sent from the web server contain the following headers:
so, authentication with Internet Explorer just works fine when a force refresh (CTRL+f5) is sent.
Both browser are sending NTLM credentials in the same packets (see boxes coloured in purple, in the print screen above).
The Proxy cannot change this specific browser behaviour.
In order to bypass this problem, you can create a new authentication rule to intercept FIREFOX User-Agent and use “Proxy-IP” authentication mode.
For a detailed explanation about authentication mode, please refer to KB2877.
1. change the Firefox settings disabling the "security.enable_tls_session_tickets", in about:config: ; as described by http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries
2. insert the URIs with which to automatically authenticate via NTLM (Windows domain logon) into "network.automatic-ntlm-auth.trusted-uris" in about:config: ; as described by http://kb.mozillazine.org/Firefox_:_FAQs_:_About:config_Entries and https://developer.mozilla.org/En/Integrated_Authentication
Check the URI you configured into Configuration->Authentication->IWA->IWA General->Virtual URL. Default value is http://cfauth.com
This solution might affect general behavior for your Firefox browser, for that BlueCoat cannot be considered responsible. For more details please refer to Mozilla technical support.
Rate this Page
Please take a moment to complete this form to help us better serve you.