Hi Vincent -
Based on the following thread, I'd have to say this is not possible, but perhaps someone else can chime in with further detail and to confirm:
Authentication is hop-by-hop per the RFC. You cannot chain authentication through to a second proxy.
Thanks for answers. I'm going to authenticate users otherwise.
Yes you can provide authentication from Squid to MWG if you use the same authentication on both. Just use the same LDAP setting on Squid and on MWG and use this in your Squid conf:
cache_peer xxx.xxx.xxx.xxx parent 8080 0 no-query login=PASS
I've configured squid.conf with :
auth_param basic program /usr/lib64/squid/squid_ldap_auth -D "cn=Administrator,cn=Users,dc=my,dc=domain" -w password -b "cn=Users,dc=my,dc=domain" -f "sAMAccountName=%s" -h xxx.xxx.xxx.xxx -p 389
auth_param basic children 5
auth_param basic realm Proxy Authentication
auth_param basic credentialsttl 1 hours
And of course with the cache_peer options ... login=PASS
This works well now
The first authentication was pass from Squid to the MWG. Then the MWG verify the user's group to validate the authentication. I had to play with the Authentication cache TTL while removing my user from the authorized group to test it again.
Thanks for help