If the user is logged into the domain, does that mean you are using Active Directory? If so, then you can use NTLM authentication, and users will not be prompted for authentication.
This doesnt answer your question, however, you brought up the fact that you dont want users prompted for auth.
As mentioned, you can use NTLM, however, that will only work for IE, it will not work for firefox or chrome. Other apps will be hit or miss, depending on how they support authentication.
The way I have ours setup, is that if it is an IE browser, it tries to auth with NTLM, if it is not, then it sends them to form auth. We auth for 24 hours at a time. If you open IE first, then open another browser, you will not be prompted. If you open firefox first, you will be prompted via form auth. (If you would like to see our rules let me know and I can export the auth rules I have.)
Or you install the McAfee proxy client to all your machines, in which case it will auth for you.
Or, you can use explicit proxy settings for your machines, set with a GPO or other method, and that will auth regardless of browser. I use WCCP for 99% of my machines, with NTLM if IE, and forms auth if other. But I have terminal servers where I need to auth with multiple users on a single IP, so I use explicit proxy settings for the users, pushed via GPO.
LDAP will never be transparent <period>
LDAP will always require the user to enter their credentials in one way or the other, as the proxy will need to know the username and password to check its validity against the server and then will pull additional attributes in the context of the admin.
In case you want SSO, your options are:
- LDAP with eDirectory, whereas here the 'authentication' is based on an attribute in the directory that conditionally will be filled and maps the user to the IP the request comes from. That doesn't make it authentication but authorization in a sense that a user has supplied valid credentials previously from the same IP and therefore the authentication for the web request is assumed.