Flash Videos cause authentication pop-up when the ProxySG appliance is deployed transparently and authentication is enabled.
Why you are getting a pop-up:
Before the video starts playing, the Flash player sends a POST request to open the video stream. It is important to understand that HTTP POST requests cannot respond to a 302 redirected sent by the ProxySG appliance to redirect to the Virtual URL for authentication. Therefore, the ProxySG appliance sends back a 401 as an 'origin' challenge, instead of sending a 302-redirect in the form of an 'origin-redirect' challenge. The browser therefore thinks it is the OCS (Website) asking for authentication, not the ProxySG. The browser will not automatically send its IWA/NTLM credentials for an 'origin' challenge, but creates a pop-up instead.
How to resolve the issue:
To resolve the issue, you can do either of the following: 1) Do not authenticate 'POST' requests 2) Do not authenticate the source User-Agent 'Shockwave Flash' 3) Do not authenticate the source Content-type: application/x-fcs
Here is what the HTTP POST request looks like from the BBC player: