Users are seeing this error  when connecting to HTTPS sites using CONNECT and Origin-Style Redirection or form redirect modes in explicit proxy.

 "Cannot use form authentication for CONNECT method (explicit proxy of https URL)"

This error occurs when authentication is done via a form redirect mode, and a workstation send a 'Connect' request to the proxy.

A connect request is how a browser, that is explicitly configured to use a proxy, asks to open secure connection on a port that isn't 80.

For example, typing in https://www.domain.ltd in a browser would generate a request that looks like this : 

CONNECT www.domain.ltd:443

By standard, it is not possible to redirect a 'Connect' request as this is a tunneled connection. Since this traffic is not being decrypted the proxy cannot access whatever is inside that tunnel, to send a redirect and point the browser to the authentication form.

NOTE: This is not a product limitation. Browsers, by design, do not follow redirects when the HTTP method used was 'Connect' for security reasons.

There are two possible solutions in order to resolve this issue:

1. Bypass authentication on the CONNECT method by adding the following code to the local policy file:

<proxy>

http.method=CONNECT  authenticate(no)

2.  Use "proxy" authentication mode, for example:

<proxy>

allow http.method=CONNECT authenticate.mode(proxy) authenticate(ldap)

allow authenticate(cert) authenticate.mode(origin-cookie-redirect)