What ProxySG configurations and policy are required for proxy authentication to work with Microsoft Edge in a transparent deployment?
Last Updated January 25, 2018
To prevent IWA authentication failure with Microsoft Edge in a transparent deployment, do the following:
Use an HTTPS virtual URL. Microsoft Edge is more security-conscious than Internet Explorer and does not follow HTTPS-to-HTTP redirects in some cases.
Use a hostname for the virtual URL that does not contain any dots. The browser resolves the name using an imputing DNS suffix.
Use the following policy to allow credentialed CORS requests. For now, HTTP methods such as POST and OPTIONS also must be exempted from authentication because Edge does not let the ProxySG appliance redirect them to virtual URLs.
<Proxy> ; Allow OPTIONS and POST without authentication, since Edge won’t let ProxySG to redirect them. ; OPTIONS is a CORS “preflight” request which can’t be redirected. allow http.method=OPTIONS||POST authenticate(iwa_realm) authenticate.mode(origin-cookie-redirect)
<Proxy> ; Add CORS headers to allow inline requests to be redirected to the virtual URL and back again. request.x_header.Origin.exists=yes action.cors(yes) define action cors set(exception.response.x_header.Access-Control-Allow-Origin,"$(request.x_header.Origin)") set(exception.response.x_header.Access-Control-Allow-Credentials, "true") set(response.x_header.Access-Control-Allow-Origin, "$(request.x_header.Origin)") set(response.x_header.Access-Control-Allow-Credentials, "true") end
Imported Document ID: 000029480
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.