We are in a process of deploying MWG and we are configuring authentication with NTLM. The configuration works and users are being authenticated and if the browser doesn't support auth (safari) the user is being prompted to proide credentials.
How do I disable that? I still want users to be prompted for creds, but if they are not provided automatically by the browser I do not want the users to be prompted for them.
I am trying to work our a rule that would do that, but unfortunately there is no 'else' statement.
Use something like that:
Authentication.Authenticate<NTLM> equals false AND
Authentication.Failed equals false
It's a trick that makes authentication TRY, but if if fails, nothing will happen and no reauthentication request will be sent.
But there can be another issue. When proxy asks about authentication, browser will not try logged in credentials and will make a pop-up window for user asking him to enter credentials. This is browser side issue. No ideas about safari, not using this.
We started configuring TRY authentication, but looking in McAfee's documentation for WCCP they recomend use Auth Server. I did not see anywhere stated that we can use Try Auth instead of Auth Server. I guess I am being extra careful not to over-complicate things or make our configuration non-standard and not supported.