I'm playing around with the SSO in transparent mode but it keeps asking for the password. Looking at Alan's explanation, I found that the UTM's FQDN is not recognized as being in the Local intranet zone.
Originally Posted by AlanT
Here's a quick run-down on how the AD SSO handshake in Transparent mode works:
* Browser sends HTTP request, which is transparently intercepted by the UTM
* UTM redirects the HTTP request to the FQDN of the UTM (port 80)
* UTM sends a 401 response to challenge for authentication.
* Browser replies with a ticket or credentials to complete the handshake
* UTM caches the authenticated user with the source IP address
* Browser gets redirected to original site
One caveat here is that the UTM's hostname must be an FQDN within the local AD domain, so that your browser will consider it to be a site in the Local intranet zone. It will then respond to auth requests from the UTM transparently.
If I put the FQDN manually in the Local intranet configuration, the authentication goes on beautifully.
So, how can I make the FQDN be correctly identified without manually messing around with the users zone configuration?
Looking for info about this zone, I've found that Windows has a "Dot Rule" which excludes from the Intranet zone any address that contains a dot (like firewall.acme.local or an IP address).
The Intranet Zone - IEInternals - Site Home - MSDN Blogs
It seems we have a prerequisite configuration on the client side for this authentication to work. Am I correct?
Thanks!
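To illustrate the client-side piece the thread is asking about, here is an added PowerShell example (not from the original post or from Sophos) that applies the "dot rule" to a host name and, when the name would not qualify automatically, assigns only that host to the Local intranet zone through the per-user ZoneMap registry keys, which is what the manual "Local intranet > Sites > Advanced" dialog writes. The host name firewall.acme.local is the example from the thread and is assumed here; it is not a real UTM.

```powershell
# Added example, not part of the original post. Checks whether a name falls
# under the IE/Edge "Local intranet" zone and, if not, adds just that host.

function Test-DotRuleIntranet {
    param([Parameter(Mandatory)][string]$HostName)
    # "Dot rule": a plain name without a dot is treated as Intranet
    # automatically; anything with a dot (firewall.acme.local, an IPv4
    # address) is not, which is why the UTM's FQDN triggers a password prompt.
    return (-not $HostName.Contains('.'))
}

function Get-ZoneMapPath {
    param([Parameter(Mandatory)][string]$HostName)
    # ZoneMap stores "host.example.com" as Domains\example.com\host
    $labels = $HostName.Split('.')
    $base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if ($labels.Count -eq 1) { return Join-Path $base $HostName }
    $domain = ($labels | Select-Object -Skip 1) -join '.'
    return Join-Path (Join-Path $base $domain) $labels[0]
}

function Add-IntranetZoneHost {
    param([Parameter(Mandatory)][string]$HostName, [string]$Scheme = 'http')
    # Zone 1 = Local intranet. Only the exact host and scheme are added, so
    # integrated credentials are not offered to every name under the domain.
    $path = Get-ZoneMapPath -HostName $HostName
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name $Scheme -Value 1 -PropertyType DWord -Force | Out-Null
}

function Test-IntranetZoneHost {
    param([Parameter(Mandatory)][string]$HostName, [string]$Scheme = 'http')
    if (Test-DotRuleIntranet -HostName $HostName) { return $true }
    $path = Get-ZoneMapPath -HostName $HostName
    $v = Get-ItemProperty -Path $path -Name $Scheme -ErrorAction SilentlyContinue
    return ($null -ne $v -and $v.$Scheme -eq 1)
}

# Constructed example name taken from the thread; replace with your UTM's FQDN.
$utm = 'firewall.acme.local'
if (-not (Test-IntranetZoneHost -HostName $utm)) {
    # The UTM redirects the handshake to its FQDN on port 80, hence http.
    Add-IntranetZoneHost -HostName $utm -Scheme 'http'
}
"{0} in Local intranet zone: {1}" -f $utm, (Test-IntranetZoneHost -HostName $utm)
```

For a whole domain, the same assignment is pushed centrally with the Group Policy setting "Site to Zone Assignment List" (Internet Explorer > Internet Control Panel > Security Page), listing the UTM's FQDN with zone value 1, rather than editing each user's registry.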