6 Replies Latest reply on Apr 26, 2010 10:05 AM by FastRoad

    non-transparent proxy not allowing login prompt for external site

      I'll preface this question with some information.  All outbound http/80 traffic must authenticate to an LDAP-authenticated proxy.  My firewall is running 70102 with the latest patches.

       

      The ever-increasing problem is that external entities host login-protected SharePoint sites over http.  After my user authenticates to my proxy, the firewall tries to pass my user's credentials to the SharePoint site.  So, the user gets any number of "unauthorized" 401 errors back.

       

      The only way around this that I have found is to build a proxy_bypass rule using a tcp/80 packet filter with a destination group containing the site(s) in question.  An authenticator is not an option for a packet filter rule.  Then, I have to get my server team to add the domain in question to an IE proxy exception GPO.  Depending on how many of these GPOs the server team wants to manage, it usually ends up that we make this change for everyone in the organization (thousands of end-users) for a slim few that actually access the site.

       

      I'm wondering why the rule using a non-transparent proxy instead of the packet filter won't allow the SharePoint site to prompt for login.  I'm trying the non-transparent proxy with no authenticator defined.  The local credentials are still being passed and failing.

       

      Someone educate me...

       

       

      Message was edited by: FastRoad on 4/23/10 11:39:18 AM CDT