Skip to main content

HTTP Proxy Support

Passwordless for Windows

Admins can configure proxy settings so that the HYPR Passwordless client can communicate to the HYPR Control Center. Proxies are honored in the following order if set:

  1. Configured proxy in the HYPR Passwordless client.

  2. Configured system-wide WinHttp proxy.

  3. Support for a Proxy Auto Config (PAC) URL.

Configured Proxy in the HYPR Passwordless for Windows Client

The HTTP proxy can be configured solely for HYPR Passwordless via the following registry settings:

Registry Value NameDescription
Proxy BypassSpecifies the proxy bypass list (i.e., a comma-delimited list of host names to be excluded from consideration). If the URL matches any of the hosts in the proxy bypass list, the proxy will be bypassed and a direct connection will be made. Host names can include wildcards (e.g., .hypr.com or 10.20.).
Proxy ServerSpecifies the proxy server (i.e., "proxy[:port]) to be used (e.g., "proxy.nyoffice.hypr.com:808"). If the port is not specified, it defaults to 8080.

Configuring a System-wide WinHttp Proxy

A proxy can also be specified system-wide using the netsh winhttp set proxy command. Here's an example:

netsh winhttp set proxy proxy.hypr.com:808 "*.hypr.com,10.20.*"

You can restore the proxy settings back to direct access with netsh winhttp reset proxy.

netsh winhttp reset proxy

Support for a Proxy Auto Config (PAC) URL

A proxy can also be configured to reference a PAC URL, a JavaScript file controlling proxy settings. It can look like this:

function FindProxyForURL(url, host) {
return "PROXY proxy.nyoffice.hypr.com:808";
}

The PAC URL can be picked up from DNS or DHCP, or manually configured for the HYPR Passwordless client with this registry setting:

Registry Value NameDescription
Proxy Auto Config UrlSpecifies the URL of the proxy auto config file (e.g., http://nyoffice.hypr.com/proxy.pac).

Use the HTTP Proxy to Install HYPR Passwordless Client for Windows

Once you've configured the HTTP Proxy, include it when installing the HYPR Passwordless Client on the workstation. Installation can happen either by using the wizard or by the command line.

Using the Wizard

If you're using the Installing with the UI, set the HTTP Proxy value on the Environment Setting screen to the proxy you configured above.

Using msiexec with Command Line Parameters.

If you're setting the parameters directly on the command line, pass in the proxy via the HYPRPROXY parameter. See Command Line Installation for Windows.

msiexec.exe /qn /i .\WorkforceAccess.msi HYPRRP="https://highlandsbank.com/rp" 
HYPRSUPPORT="support@hb.com" HYPRHASH="LeM8XnCIy8+Cxm+HKTEOBZr1g3D8odQNHTH+vdu7RWc="
HYPRTEMPLATE="HYPRUser" HYPRPROXY="http://proxy.example.com:8080"

Using msiexec with the hypr.json File

If you're setting the parameters using the hypr.json configuration file, pass in the proxy via the proxy parameter.

{
"version":"1.0",
"rpUrl":"https://highlandsbank.com/rp",
"appId":"WorkstationAccess",
"pinningHash":"LeM8XnCIy8+Cxm+HKTEOBZr1g3D8odQNHTH+vdu7RWc=",
"supportEmail":"support@hb.com",
"proxy":"http://proxy.example.com:8080",
"fullUI":"1"
}
Feature Security

For security reasons, the proxy parameter won't be displayed in the Registry Editor alongside the other HYPR keys.

Upgrading Earlier Versions

The installation commands are the same as for a fresh install (see above). However, you only need to provide the new proxy value. The installer will reuse the existing values for the rest of the parameters.

For example, to upgrade using msiexec with command line parameters, just specify the HYPRPROXY value:

msiexec.exe /q /i WorkforceAccess_x64.msi HYPRPROXY="http://proxy.example.com:8080"

Passwordless for macOS

You can configure the HYPR Passwordless client for macOS to communicate with the HYPR Control Center server via a proxy. You may:

  • Configure the proxy directly in the HYPR Application

  • Set a system-wide proxy in macOS

Configuring a Proxy for the HYPR Passwordless for Mac Client

Configure a proxy directly in the HYPR Passwordless client by modifying ProxyServer and ProxyBypass parameters in the Application's HyprOneService.plist file:

ParameterDescription
ProxyServerThe proxy server to be used (proxy[:port]). The port is default to 8080 if not specified.
ProxyBypassA comma-separated list of host names to be excluded. Matches bypass the proxy for direct connections. Host names can include wildcards (e.g., .mycompany.com or 10.20.).

For more information on changing the HyprOneService.plist configuration settings, see Installing Manually. Remember to save the file and restart the computer for your changes to be applied.

Configuring a System-wide Proxy in the macOS Settings

Alternatively, use the following steps to configure a system-wide HTTP/HTTPS proxy in macOS.

  1. Open System Preferences > Network.

  2. Depending on which network adapters are available (e.g., Ethernet or Wi-Fi), select the appropriate network adapter and then click Advanced….

  3. Choose the Proxies tab at the top of the page. There are three ways to configure a proxy:

    • Manually configuring the proxy

    • Specifying a URL for a proxy auto config (PAC) file

    • The system discovers the proxy automatically via DNS

Manually Configuring the Proxy

  1. Select "Secure Web Proxy (HTTPS)".

  2. Enter the host name or IP address of the proxy server along with the TCP port on which the proxy server is listening. For example, the following screenshot shows a proxy at 192.168.0.200 listening on port 808.

  3. Click OK when finished.

Specifying the URL of the Proxy Auto Config (PAC) File

  1. Select Automatic Proxy Configuration.

  2. Enter the URL for the Proxy Auto Config (PAC) file.

  3. Click OK when finished.

Discovering the Proxy Automatically via DNS

Select Auto Proxy Discover to have macOS discover the proxy automatically via DNS.

Use the HTTP Proxy to Install HYPR Passwordless Client for Mac

Once you've configured the HTTP Proxy, include it when installing the HYPR Passwordless client on the workstation. See Installing with the UI: Installing on macOS.

Upgrading Earlier Versions

If your installer came without a hypr.json configuration file, you'll need to manually create one with the proxy field added. For example:

{
"version":"4",
"rpUrl":"https://highlandsbank.com/rp",
"appId":"WorkstationAccess",
"pinningHash":"LeM8XnCIy8+Cxm+HKTEOBZr1g3D8odQNHTH+vdu7RWc=",
"supportEmail":"support@hb.com",
"proxy":"http://proxy.example.com:8080",
}

See the Installing Manually page for more information about the hypr.json configuration file.

To upgrade, place the hypr.json file and the HYPR installer package in the same folder and execute:

installer -pkg WorkforceAccess-X.X.X-Installer.pkg