Web-Auth with proxy (wpad)

Unanswered Question
Sep 16th, 2009
User Badges:

i have a problem with web authentication and proxy server. The customer want give access to users but this access shoud be over proxy. They are using WPAD protocol. But after login in web page of the web-auth the URL, for examplo, www.yahoo.com not work. However, if i open a new browser so i get the URL required. Someone know that happening?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
weterry Wed, 09/16/2009 - 19:44
User Badges:
  • Silver, 250 points or more

Can you clarify a little more? I am confused.


Are you saying that when you open a web browser, that you do get redirected to the web-auth page or not?


If you do get directed there, are you able to login?


It sounds like you get redirected and then when you close the window and open a new browser, you are able to go to www.yahoo.com. Perhap I am misunderstanding.





If the problem is strictly that you get redirected to the webauthentiction page, but that you cannot browse to www.yahoo.com after authenticating, I would say that the browser probably never loaded the WPAD file.


When you close the browser and open it again, now that the client is authenticated, it is probably able to load the wpad file and therefor does the proxy correctly.

alex-pavezi Thu, 09/17/2009 - 05:19
User Badges:

ok, let's go!!!


yes, when i open a browser, IE, i am redirect to http://1.1.1.1/login.html and i can log in successfully. But, after login i can not redirect to web page configured as default in my browser, for examplo, www.yahoo.com. But, if i leave the page error (yahoo.com) open and run a new browser window i can access to yahoo.com

weterry Thu, 09/17/2009 - 20:20
User Badges:
  • Silver, 250 points or more

I bet that what is happening is that your browser is not getting the auto-proxy configuration when it first loads for webauth. I think the way it works is that a browser opens and queries for the autoconfiguration file.


But since you are not authenticated at this time, your browser doesn't learn its proxy setting. When you finally web authenticate, the browser has no reason to try the auto proxy again.


Close the proxy, open again, now it auto proxy's again, and this time you can get a file since you are authenticated.



Run wireshark on your laptop and monitor the packets of your wireless card when you are doing this. So if you can see when/where the auto proxy loads.



This is just my thoughts on what may be happening...

weterry Thu, 09/17/2009 - 20:23
User Badges:
  • Silver, 250 points or more

You *might* be able to configure a pre-authentication ACL on the controller that allows an unathenticated client access to the server with the WPAD file... in this case, I'd expect the client would download the file first and then try to webauthenticate.


BUT THERE IS A CATCH:

If your browser is trying to use a proxy to get the 1.1.1.1 webauth page, you'll never load the webauth page (since you never make a request to 1.1.1.1, as it goes to the proxy).

You'd need to have your WPAD configuration have some way to tell the client to NOT proxy the virtual ip address of the controller....


Make sense?


Again, no expert on auto-proxy, just my two cents on what could be the issue.

Actions

This Discussion