Single Sign on for the Browser Proxy

Using a proxy to handle a browser's internet traffic provides additional security and control. However, if the proxy is password-authenticated, the user has to enter their credentials, which adds some inconvenience.

With IGEL Linux version 5.08 or newer and IGEL Linux version 10.01.100 or newer, you can avoid this inconvenience by using the passthrough feature. As a prerequisite, user logon must be carried out via Kerberos.

To enable single sign on for the browser proxy:

  1. Open the Setup and go to Security > Logon > Active Directory/Kerberos.
  2. Activate Login to Active Directory/Kerberos.

  3. Go to Sessions > Browser > Browser Sessions > [name of the browser session] > Settings > Proxy.
  4. In the Proxy Configuration choice, select Manual proxy configuration.

  5. For an HTTP proxy, define the following settings:

    The Proxy realm field is internally pre-populated with the value moz-proxy://[HTTP Proxy]:[Port]. If the field is empty, this value will be used when authenticating the browser.

    If the proxy expects another unknown value for the proxy realm, you can determine this as follows: Leave the User name and Password fields empty and launch the browser. The dialog window which appears will contain the correct value for the Proxy realm field:

    In the example above, the value for the Proxy realm field is as follows: moz-proxy://172.30.178.10:8080

    The next time the user logs in to the thin client, the browser proxy is ready to use.