NTLM SSO (401 Based Authentication)
NTLM (NT LAN Manager) is a Microsoft protocol which is still very frequently used in web server authentication scenarios, especially within an enterprise. It is enabled by the use of LDAP (invariably Active Directory). When used for authentication in front of servers that use NTLM, enabling SSO on the NetScaler makes very good sense.
When NTLM SSO fails via the NetScaler, the usual User experience will be that they see two 401 dialog boxes followed by a 403 error.
NTLM Authentication flow
NTLM is a challenge-based protocol. The exchange involves the server challenging the client to prove its identity in order to be able to see the resource it is requesting.
The following screenshot is an exchange between the NetScaler SNIP and a web server that has NTLM Authentication enabled. You can filter this communication using http || ntlmssp:
Now let's examine each of the steps in more detail:
First, NetScaler forwards the client's request for an object, and instead...
