Single Sign on for the Browser Proxy

Using a proxy to handle a browser's internet traffic provides additional security and control. However, if the proxy is password-authenticated, the user has to enter their credentials, which adds some inconvenience.

With IGEL Linux version 5.08 or newer and IGEL Linux version 10.01.100 or newer, you can avoid this inconvenience by using the passthrough feature. As a prerequisite, user logon must be carried out via Kerberos.


To enable single sign on for the browser proxy:

  1. Open the Setup and go to Security > Logon > Active Directory/Kerberos.
  2. Activate Login to Active Directory/Kerberos.
  3. Go to Sessions > Browser > Browser Sessions > [name of the browser session] > Settings > Proxy.
  4. In the Proxy Configuration choice, select Manual proxy configuration.
  5. For an HTTP proxy, define the following settings:
    • HTTP proxy: IP address or hostname of the proxy to be used
    • Port: Port of the proxy for HTTP
    • No proxy for: IP addresses or hostnames of servers that can be accesses directly
    • Proxy realm: Area in which the browser authenticates itself for the proxy. Together with the user name and password, this information is necessary for authentication.
    The Proxy realm field is internally pre-populated with the value moz-proxy://[HTTP Proxy]:[Port]. If the field is empty, this value will be used when authenticating the browser. If the proxy expects another unknown value for the proxy realm, you can determine this as follows: Leave the User name and Password fields empty and launch the browser. The dialog window which appears will contain the correct value for the Proxy realm field: In the example above, the value for the Proxy realm field is as follows: moz-proxy://172.30.178.10:8080
    • Use passthrough authentication: Must be enabled to allow single sign on for the browser proxy.
    • Do not prompt for proxy authentication if credentials are saved: Must be enabled to enable seamless single sign on for the browser proxy; suppresses the Authentication Required dialog.

    The next time the user logs in to the thin client, the browser proxy is ready to use.
Last update: July 11, 2018