Indeed, essentially with the use of Kerberos mode, browsers that use Windows APIs (Opera, Chrome, Edge, Internet Explorer...) use the NTLM method if the Kerberos method fails.
When you have workstations that are not connected to the Windows domain, there is a risk that they will not be able to log in when using the basic authentication mode associated with the Kerberos authentication method.
The automatic failover behaviour to NTLM does not work because this identification method is not used by the proxy service.
To avoid this deadlock, it is necessary for the proxy to offer the most appropriate authentication system so that the browser automatically switches to the desired authentication method.
This workaround is only available when using Artica 4.30 Service Pack 339 or above and Proxy version 5.1 or above.
- In the left menu, choose “Your Proxy” / "Authentication"
- Select the “Authentication mechanism preferences”
- This section use the ACL process to select the Authentication method.
In this case, these users are able to logon using a basic authentication method.
When you add a rule, you specify the type of priority authentication that will be served when the objects of this rule match.
The first matching rule determines the schemes order for the current Authentication Required transaction.
Note that the future response is not yet available during evaluation.
If this directive is not used or none of its rules match, then Proxy service responds with all configured authentication schemes in the order of rules directives.
This directive does not determine when authentication is used or how each authentication scheme authenticates clients.
This feature is available only if you the proxy in 5.x branch, you cannot use it on 4.x branch.
Artica display an error if the proxy did not have the supported version.
