Proxy authentication requests starting in 6.8.482 beta

Hi there

I look after our IT at work and have a number of people using 1Password teams (which is all round loved :) ). They are all on the latest stable release, but I run the beta.

Our computers all access the net via a PAC file, which sends traffic to an authenticated proxy. Browsers automatically authenticate using Kerberos, but other Windows apps need authentication credentials entered. To avoid user confusion, I enter domain bypasses for authentication for apps that need internet access, rather than them either failing with access denied errors, or triggering proxy authentication popups. It's only browser traffic that I need authenticated.

To achieve authentication bypass for the 1Password desktop app, I have bypassed the "1password.com" domain and all subdomains. Up until 6.8.482, that worked. The end user did not receive any alerts about the proxy.

As of 6.8.482, upon first launch, 1Password asks for proxy authentication credentials. The message says "The server (our proxy URL) is asking for your username and password. The server reports that it is from proxy."

If I click Cancel, 1Password continues to operate normally. Until the next computer reboot, there are no further requests for proxy credentials.

Is this an intended change? If so, is there a way to suppress proxy authentication prompts given in our case I have an authentication bypass in place?

Thanks in advance,
Mark


1Password Version: 6.8.482
Extension Version: Not Provided
OS Version: Windows 10 1709 (16299.125)
Sync Type: Not Provided

Comments

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @portbury,

    Thanks for reporting this.

    This is our first time supporting PAC and authenticated proxies with 1Password 6.8 version. In a way, we're happy to hear that it did technically work.

    However, we are checking against http://1password.com and waiting to hear for authentication request, check against the existing credentials stored in Windows Credentials and if it doesn't exist, we prompt for it. So, the fact that it asked for it with your bypass is strange.

    Just in case, are you able to check the network traffic to see which domain came back with the authentication request? I wonder if it is due to our app update check against rink.hockeyapp.net that might trigger it? We are investigating to see where it might be.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file