OPNSense 25.10.2_4 Business Squid Proxy with LDAP (AD) Firefox ok / Chromium nok

Wuensch-AG-Adm · March 19, 2026, 09:34:48 AM

Dear OPNSense community,

We performed an upgrade this morning, and the proxy authentication via LDAP (AD) in Squid is not working as intended.
The Chromium browser prompts for a username and password, and even when these are entered correctly, the login window keeps reappearing.
It works with Firefox and we juste need to enter the username and password one time. Unfortunately, this shows us that the proxy cannot work with SSO, as was the case with a Sophos appliance, where this feature was truly user-friendly (one-time password at Windows login, no double/triple login with the browsers/ web app).
Even if the website is on the list of local websites (some of which we host ourselves), the proxy still displays the login window!!!

My infos:
Version: OPNsense 25.10.2_4 / FreeBSD 14.4-RELEASE
os-squid: 1.4
os-web-proxy-sso: 2.2_3
os-OPNProxy 1.0.5_4
Services -> Squid Web Proxy -> Forward Proxy -> Authentication Settings -> Authentication method -> LDAP

Do you have any idea why the Chromium browser isn't working with Squid/OPNSense?
Is it possible to set up a working web proxy with SSO on an OPNSense server? (This might also be of interest to the customers.)
Is there a better alternative to Squid that is also more user-friendly? (without requiring users to enter a username and password in the browser)

Thank you in advance for the information.

Regards,

Joel.

Monviech (Cedrik) · March 19, 2026, 10:51:54 AM

I would maybe look at what Zenarmor has to offer. They are one of our partners: https://docs.opnsense.org/vendor/sunnyvalley/zenarmor.html

The plugin combination you use has either no maintainers or support Tier3. They are all completely in community scope.

https://github.com/opnsense/plugins/blob/0e62a4992404873c2d0005ed2b3a474d0d9eac9b/README.md?plain=1#L130

https://github.com/opnsense/plugins/commit/7cd45894e266427fcddb25f9af30477d8de1a69f

Wuensch-AG-Adm · March 19, 2026, 11:15:26 AM

Quote from: Monviech (Cedrik) on March 19, 2026, 10:51:54 AMI would maybe look at what Zenarmor has to offer. They are one of our partners: https://docs.opnsense.org/vendor/sunnyvalley/zenarmor.html

The plugin combination you use has either no maintainers or support Tier3. They are all completely in community scope.

https://github.com/opnsense/plugins/blob/0e62a4992404873c2d0005ed2b3a474d0d9eac9b/README.md?plain=1#L130

https://github.com/opnsense/plugins/commit/7cd45894e266427fcddb25f9af30477d8de1a69f

Isn't os-OPNPROXY a business plugin from OPNSense / Deciso itself? (and sold as a bonus plugin)
https://docs.opnsense.org/manual/opnproxy.html

Monviech (Cedrik) · March 19, 2026, 11:25:28 AM

It has been demoted to community a while back, it can also be installed in the community edition.

OPNSense 25.10.2_4 Business Squid Proxy with LDAP (AD) Firefox ok / Chromium nok

Wuensch-AG-Adm

March 19, 2026, 09:34:48 AM Last Edit: March 19, 2026, 09:38:15 AM by Wuensch-AG-Adm

Monviech (Cedrik)

March 19, 2026, 10:51:54 AM #1

Wuensch-AG-Adm

March 19, 2026, 11:15:26 AM #2

Monviech (Cedrik)

March 19, 2026, 11:25:28 AM #3