If you're having trouble logging in on the web app and need to reset your password every time you access it, you could be behind a proxy.

One of the most popular proxy solutions companies use is Broadcom's ProxySG. This is basically a proxy that sits between the user and their interactions with the Internet. ProxySG (and any other proxy for that matter) is there to filter web traffic in an effort to identify malicious payloads and to control sensitive content.

While being behind a proxy has its security upsides this can cause issues for users when they want to use Toggl Track or any other web app and additional configuration is needed to resolve these issues.

The issue

The most common issue is that ProxySG removes the Authorization Header from the HTTPS requests. This means that your credentials never reach our servers and as a result, this prevents our servers to validate the login attempt. By default, the proxy strips the Authorization header within HTTPS connections to avoid leaking any user and password details.

Solution

In order to send the Authorization header upstream regardless, authentication must be done in the destination server and not in the ProxySG, otherwise, the header will be stripped from the request. This can be achieved by installing the following CPL code for the particular site:

<proxy>

url.domain=site.com authenticate(no, upstream_authentication)

Need further help with this issue? Contact our support team via chat or email and we will do our best to help you communicate the issue with your IT department and resolve it.


Did this answer your question?