1 2 3 Previous Next 21 Replies Latest reply: Dec 14, 2012 8:48 AM by asabban RSS

    Webgateway requesting password

    Bruno Caldas

      Hello Guys .

       

      when trying to access the site webgateway password prompts

       

       

      http://ortc-prd-saeast1-s0016.realtime.co.

       

      some help to jump this request  ?

       

      Bruno Caldas


        • 1. Re: Webgateway requesting password
          georgec

          Post a printscreen please. I have no idea what you're saying

          • 2. Re: Webgateway requesting password
            Bruno Caldas

            This is the error screen.

             

             

            erro_ig.png

             

            Thanks

            • 3. Re: Webgateway requesting password
              georgec

              There are a lot of things to check. What kind of authentication method are you using? And have you checked if your version of firefox is compatible with that?

              • 4. Re: Webgateway requesting password
                Bruno Caldas

                I'm using LDAP authentication mode in webgateway and I believe that this problem is happening because firefox does not work with NTLM.

                 

                is it this?

                 

                Bruno Caldas

                • 5. Re: Webgateway requesting password
                  georgec

                  Use NTLM or Kerberos if you want the Signle Sign On feeling. And I don't know which versions of firefox know what. Both NTLM and Kerberos work with IE

                  • 6. Re: Webgateway requesting password
                    Bruno Caldas

                    Thanks for the information, I will check.

                     

                    Bruno Caldas

                    • 7. Re: Webgateway requesting password
                      asabban

                      Hello,

                       

                      I do not believe that this is a matter of authentication. The problem is located at the website and the services they embedd. This is what I observed. The website embedds content from "realtime.co" which uses web sockets to push messages to the client. Basically there is nothing wrong with this, but it seems that the client part (running on the users PC when accessing the web site) is not fully proxy aware. Instead of sending a proxy-style request which looks like this:

                       

                      http://domain.tld/myfile.htm

                       

                      it sends a server-style request to MWG, which looks like this:

                       

                      /myfile.htm

                       

                      There is basically nothing wrong with this, but with authentication this behaviour becomes an issue. Usually when a proxy is configured in the browser MWG answers with 407 messages to tell the browser to authenticate (Proxy-Authenticate). This works fine. But when the client sends the server-style requests MWG now cannot answer with a 407 (because thie request is not a proxy request), but has to answer with a 401 (web server authentication) to the browser, asking for authentication.

                       

                      Because the browser has a proxy configured it only expects 407 messages to respond to with the credentials you have given. Once it receives the 401 the browser assumes the web site requires authentication, and shows a popup window.

                       

                      I cannot see any workaround except allowing the request to initialize the web socket without authentication. I have created a rule that allows this specific request (everything else is filtered as before):

                       

                      Auswahl_157.png

                      As you can see I check the Host and Path of the URL, and if it matches to the web socket initialization I skip authentication. You may have to create a similar rule and place it somewhere into your policy where it skips all authentication rules.

                       

                      This should allow the web site to run fine.

                       

                      Best,

                      Andre

                      • 8. Re: Webgateway requesting password
                        Bruno Caldas

                        Very good your post, but did not work and procedure, have a new idea?

                         

                         

                         

                        erro_ig2.png

                         

                        the error continues, I await help

                         

                         

                        I'm sorry any mistake in English

                         

                        Bruno Caldas

                         

                         

                         

                        Message was edited by: bruno.caldas on 10/4/12 8:08:48 AM CDT
                        • 9. Re: Webgateway requesting password
                          asabban

                          Hi Bruno,

                           

                          without any data it is hard to make further assumptions, but I believe that maybe the rule is not correctly in place. If it is placed correctly MWG would not send a 401 to the browser and it would not show a popup window. Can you share some more information about your rules and explain where you added the rule?

                           

                          Best,

                          Andre

                          1 2 3 Previous Next