Intro

Sometimes it happens that accessing Gerrit, Subversion (SVN) or some other services behind Apache or NGINX reverse proxy with basic authentication (even with SSO involved) shows empty page and 401 unauthorized error. Apart from other reasons one of the most frequent reasons why it happens is actually setting in the browser, which prohibits usage of basic authentication. If there are no other authentication options on server available, then server actually delivers empty page or shows 401 (Unauthorized) status code and error message.

Latest version of Edge no longer shows basic authentication login dialog when some server offers that option:

https://answers.microsoft.com/en-us/microsoftedge/forum/all/latest-version-of-edge-no-longer-shows-basic/3601252b-e56b-46c0-a088-0f6084eabe47

Checking basic authentication status in Edge browser

  • Go to edge://policy URL
  • Filter/search by "AuthSchemes"
  • Original could be for example "ntlm,negotiate"
  • Expected value shall contain "basic", for example "basic,ntlm,negotiate"
    • If basic is already present:
      • make sure you closed and re-opened all instances of Edge (or whole computer just to be sure)
      • if issue with 401 unauthorized error message persists even afterwards, issue is most probably lack of permissions/authorization to access related resource as error message suggests
    • If basic is not present, continue with steps in WorkaroundforEdgebrowsertoallowsupportforbasicauthentication

Workaround for Edge browser to allow support for basic authentication

  • on Windows we need to import registry entry
  • on Linux we need to create managed policy
    • make sure your account is in sudoers or you run those commands under root
    • make sure folder exists:

      sudo ls -lah /etc/opt/edge/policies/managed/
    • If folder does not exist, make sure you are using Edge and find out proper location on your system
    • If folder exists then create policy as in this example, including "z" prefix (or other one suitable for your setup) to make sure our policy is potentially overriding other existing policies by being alphabetically after whatever policy files you have present:

      echo '{"AuthSchemes":"basic,ntlm,negotiate"}' | sudo tee /etc/opt/edge/policies/managed/z-authschemes-policy.json
      
      # Our policy must be in the end of list to have a good chance to override other policy files:
      sudo ls -lah /etc/opt/edge/policies/managed/
      
      # Now just checking that it was written properly:
      sudo cat /etc/opt/edge/policies/managed/z-authschemes-policy.json
    • Then close and restart Edge browser completely.
    • Basic authentication for Edge browser shall be now enabled. You can follow CheckingbasicauthenticationstatusinEdgebrowser to verify it.


  • No labels