Java does not support Kerberos and therefore may not work with the proxy.
This article describes how to force Java through a different proxy, other than the system settings proxy.
Oracle Java supports NTLM authentication through proxies but does not support Kerberos.
Given the widespread use of Java applets in websites, this can make switching to Kerberos difficult
- Configure Kerberos authentication on the primary proxy port but also create a secondary port running NTLM authentication see https://help.smoothwall.net/Latest/Content/modules/guardian3/cgi-bin/guardian/authpolicywiz.htm
- Use group policy to deploy a
.configfile to each workstation to:
- This file should contain two lines:
(URL to deployment file hosted on a web server)
(Set to true to enforce settings Java will not run if it cannot fetch the deployment file)
- Create a
deployment.propertiesfile to a web server accessible to all clients (typically, an internal intranet server).
This file will contain any options you wish to configure for Java.
- Add the following to
deployment.propertiesto force Java to use a different proxy than the browser:
Tip: Use the same address and port for HTTPS/FTP traffic.
Note: If you are hosting the
deployment.properties file on an IIS web server, ensure you have added a text mime type for
.properties files otherwise the server will refuse to serve it. Further technical details on deploying Java can be found here: http://docs.oracle.com/javase/6/docs/technotes/guides/deployment/deployment-guide/properties.html.