When access to internet correctly with IE normal to pop-ups authentication, but if we access with Google Chrome the pop-ups aren't showed.
Customer use Chrome lates version. please help to recommend for workaround or how to fix this issues of Chrome Browser.
and i would like to fix problem about authentication too when i check we found anonymous logon so much.
When accessing via chrome, what does the trace show the user as ? Is it correct logged in user ? With chrome are they able to access internet or does it gives back any error ?
because chrome don't show pop-ups to login. when client access to internet it will be policy denied because don't have authorize to access internet.
please recommend how to check this issues or have any workaround for this case.
Can i send sysinfo to you for help to check?
It is not easy to say why you are not getting a pop-up. My assumption with minimal information is that the machine not in domain and the chrome is passing a local login or anonymous service accounts to proxy. If this account passes authentication at the AD side, proxy will consider it as valid login. Since there is no access rule defined for this user, you end up getting Policy denied. Can you get me a pcap when this is tested ? If you can get separate PCAPs for IE and Chrome, it will be better.
For this case my team by Pakorn he was found something wrong for make issues occurred only Chrome Browser not Pop-up Authentication
following picture as below or you can see from attach file
if virtual url for authen use https error occurred as same as below
if virtual url for authen use http not have pop-up to authen
Please recommend for fix Certificate error Subject Alternative name missing
The error screenshot shows 2 issues. One is Common Name Invalid which is since the url was accessed with its IP address 192.168.6.112 instead of proxy1.port.co.th. This can be fixed by using the FQDN instead of IP address.
The second error of Subject Alternative Name missing is a bit problematic one. Due to security issues, chrome now expects the common name to be added in the certificate as SAN (aka Subject Alt Name). This will need the certificate to be re-signed with SAN extension. You can read more about this at https://support.google.com/chrome/a/answer/7391219?hl=en . When resigning the certificate, the name proxy1.port.co.th should also be added in as a SAN name.
For create CSR from Proxy not support SAN ?
SAN is added to the certifcate as an extension. There is no need to be present in the CSR. Enabling the CA to sign using this extra extension will solve the issue.