Currently, when we want to access an internal site from the Internet (IIS with NTLM auth), two login screens appear:
- Step 1: LDAPAuth, from the BlueCoat, which checks login/password validity against Active Directory.
- Step 2: NTLM auth, from our application.
Is it possible to configure the reverse proxy to use the LDAP credentials provided at step 1 and pass them to whatever application requests them? Of course, if those credentials aren't valid, nothing happens.
We're using BlueCoat SG400.
Update: we're not looking for SSO where the user doesn't have to enter a password. We want the user to enter his domain credentials in the LDAPAuth dialog box, and the proxy to reuse them to authenticate against our application, or any application that uses NTLM. We've only got 1 AD domain behind the reverse proxy.
Are you looking for the proxy to authenticate to your app specifically, or more of a single-sign-on thing in which your clients are not prompted for authentication?
If you're looking for more of the SSO thing, this forum post sounds like it might at least lead you along that path. It is a little on the old side, and I'm not sure which product they're talking about. BlueCoat seemingly supports NTLM, which is what you would want for transparent authentication.