Authentication is not working

Authentication is not working

Issues


  1. If your LDAP configuration is improper, you should face an authentication issue.
  1. If your username or password is wrong, you should face an authentication issue.
  1. In the case of SSO authentication, if your access policies under the access restriction section are not properly configured, you should face an authentication issue.
  1. In the case of SSO authentication, if you entered the wrong password multiple times for LDAP failover, your password should be saved under Reports > password cache on the SafeSquid interface, and you should face an authentication issue.
  1. If SSO configuration is improperly configured, you should face an authentication issue.
  1. If time and date synchronization is not the same among the proxy server, active directory and client machine, you should face an authentication issue.

  1. Solution

Case 1

If your LDAP configuration is improper, you should face an authentication issue.
Integrate Active Directory for Simple Authentication as per the link to solve your authentication issue.
Verify it from SafeSquid Logs.
  1. GET http://safesquid.cfg/ HTTP/1.1
  2. Host: safesquid.cfg
  3. User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:66.0) Gecko/20100101 Firefox/66.0
  4. Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
  5. Accept-Language: en-US,en;q=0.5
  6. Accept-Encoding: gzip, deflate
  7. Connection: keep-alive
  8. Upgrade-Insecure-Requests: 1
  9. Proxy-Authorization: Basic c2FtaWRoYWs6c2FydmE=
  10. 2019 04 08 16:34:56.398 [11750] debug: ldap: set_dn:1009 ip:[192.168.0.10] user:[SAMIDHAK@SAFESQUID.TEST] DN:[CN=samidhak,DC=safesquid,DC=test] Groups:[DC=safesquid DC=test,CN=MANAGERS DC=safesquid DC=test,SAMIDHAK@SAFESQUID.TEST]
  11. 2019 04 08 16:34:56.398 [11750] error: security: [IP:192.168.0.10] password cache: authentication failed for samidhak
  12. 2019 04 08 16:34:56.399 [11750] debug: header: to 192.168.0.10:
  13. HTTP/1.1 407 Proxy Authentication Required
  14. X-Powered-By: safesquid-2019.0401.1624.3-swg-standard
  15. Proxy-Authenticate: Basic realm="sabproxy.safesquid.test"
  16. Content-Length: 0
  17. Proxy-Connection: close
  18. X-SafeSquid-Client-ID: 11750.0

Case 2

If your username or password is wrong, you should face an authentication issue.
Make sure about your username and password for any authentication whether it will be a Simple authentication link, Basic authentication link or Interface authentication link

Case 3

In the case of SSO authentication, if policy configuration under the Access Restriction section is improper, you should face an authentication issue.
Make sure about your policy configuration under the Access Restriction section as per the link.

Case 4

In the case of SSO authentication if an authentication challenge appears on the interface and you entered the wrong password multiple times for LDAP fail-over your password should be saved/stored under Reports > password cache on the SafeSquid Interface, you should face an authentication issue.
Access SafeSquid Interface LINK and remove all the passwords that you entered from Reports > password cache.

Case 5

If SSO configuration is improper, you should face an authentication issue.
Before Integrating Active Directory For SSO Authentication make sure your DNS configuration and NTP server configuration are as per the specified DNS and NTP server Configuration.
For Integrating Active Directory for SSO Authentication follow the link so that your authentication issue will solve.

Case 6

If time and date synchronization is not the same among the proxy server, active directory and client machine, you should face an authentication issue.
Verify the time and date synchronization among the proxy server, active directory and client machine using the following command.
Command:
  1. root@sabproxy:~# ntpdate <server_IP>

Example

In our case Proxy server IP address: 192.168.221.222
Active Directory IP address: 192.168.221.1
Client machine IP address: 192.168.221.212 (Windows test machine)
Verify time and date synchronization from the proxy server (192.168.221.222). Run below command
  1. root@sabproxy:~# ntpdate 192.168.221.1                   
25 Jan 16:44:14 ntpdate[22275]: the NTP socket is in use, exiting
Time synchronization between the Proxy server and Act
Same way verify Time synchronization between the Proxy server and the Client machine as well as the Active Directory and the Client machine
All three machines are with same time and date.




    • Related Articles

    • Application not working with Authentication

      Issues Certain applications (like Dropbox®) do not work with authentication. Root Cause Certain applications (like Dropbox®) which do not support proxy authentication, want to bypass authentication for that application. Solution Follow the link to ...

    • Application not working with HTTPS inspection

      Business challenge The HTTPS inspection Bypass option enables you to define specific websites that are not subject to decryption as they flow through the proxy. Some websites may include personal identification information that should not be decrypt. ...

    • SSO Authentication Fail

      Troubleshooting If your configuration is exactly similar to How to and still your SSO authentication failed. 1. Make sure the User Name: administrator@safesquid.test (The user name should be any user from AD having administrative permissions) 2. ...

    • Category update is not working

      Issues I am trying to add new websites to the whitelist or blacklist category, but it is not updating. Uploaded a new file with some websites and added them to a specific category, but I did not find those websites in the respective category. ...

    • SSL Certification Errors

      Issues with their Root Cause When the SSL certificate is imported into the Chrome browser and still shows Your connection is not secured for HTTPS sites. ->Policies in the HTTPS Inspection subsection may not be configured correctly. While the ...