Using Preemptive Proxy Authentication

If Web Transfer Client (WTC) users receive a JavaScript error or a Java error in the Java Console stating “Authentication state already initialized,” then they most likely are experiencing an issue with preemptive proxy authentication. The WTC Java Applet uses preemptive basic proxy authentication behind the scenes, which means that it always sends the "Proxy-Authorization: Basic auth header," anticipating that the proxy server might require credentials for authentication. This provides a negligible performance improvement when basic authentication is used; however, if the proxy server is using NTLM authentication, it will not be satisfied with the basic auth header from the Applet and will respond with a 407 error (Proxy authentication required). If the 407 error occurs, once the Applet receives the response from the proxy it will be confused and try to reinitialize its authentication state which then, by design, throws an exception. The preemptive authentication is designed to work with basic authentication not NTLM.

In order to work around this issue, you can turn off the preemptive authentication from the WTC. If some users are behind a proxy and are having authentication problems, they can turn this setting off, while other users can continue to take advantage of the optimization. The setting defaults to on (selected), but if users experience problems, they can clear the check box and turn this setting off.

In general, when tasks are performed with the WTC that issue requests to the EFT Server (e.g., refreshing the remote pane, creating a new folder, uploading a file), the proxy server may require authentication, depending on the configuration of the proxy server and the browser. For example, when a user uploads files, each PUT request to upload a file may require authentication with the proxy server. So if we transfer 50 files at once with the WTC, by using preemptive authentication, we can essentially reduce the number of round trips by fifty assuming that we would have been prompted for credentials by the proxy server for each file upload.

To turn preemptive proxy authentication on or off

Click Proxy. The Web Transfer Client - Proxy Settings dialog box appears.
The Use Preemptive Proxy Authentication check box is selected by default.
- To turn Preemptive Proxy Authentication off, clear the check box.
- To turn Preemptive Proxy Authentication back on, select the check box.
Click Accept to save the changes.

Refer to Accessing EFT Server Through a Proxy for other proxy settings.

This online help file is for EFT Server version 6.3.x. For other versions of EFT Server, please refer to http://help.globalscape.com/help/index.html.

(If the Index and Contents are hidden, click Show Contents pane in the top left corner of this topic.)

If this help topic did not help you, search the Knowledgebase or pose your question in the GlobalSCAPE User Forum.

For the most up-to-date information, to view version history, updates, and activation instructions; or to download a PDF of this user guide, visit the Support Center at http://www.globalscape.com/support.

Leave compliments or complaints regarding the help in the User Forum. At a minimum, please provide the topic title and why you needed help.

For information about GlobalSCAPE, visit www.globalscape.com, subscribe to our Secure Info Exchange blog, or follow us on Twitter.

Last modified: 20-Dec-11 at 16:00:11