I'm using MWG 188.8.131.52 in reverse proxy scenario, using Next hop proxy to get to the published web server. The web server itself uses Integrated windows authentication (Windows AD) so when I access it from the Internet I get the pop up window for authentication.
My goal is to use some kind of forms base authentication on the MWG itself. I used the existing ruleset for Cookie authentication with login page which seems to work fine but after entering credentials on the MWG login page I get the pop up window for windows authentication from the web server itself.
So my question is - is there a way to forward the credentials entered on the MWG login page to the web server ?
In order to get that done, you need to make MWG do basic authentication in some way. That will generate a 401 reqeust - web server authentication. The result is an authorization header which MWG will be able to forward to the destination, which then also must support basic auth.
NTLM is designed for the 1st hop only and cannot be relayed.
Michael Schneider Lead Product Manager for Web Protection (•‿•)