Cisco Web Security Appliance S390 Operating Instructions

Chapter 7: Identities
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Note
You can configure the Web Proxy to request authentication again if an 
authenticated user is blocked from a website due to restrictive URL filtering. To 
do this, enable the “Enable Re-Authentication Prompt If End User Blocked by 
URL Category or User Session Restriction” global authentication setting. For 
more information, see 
.
Identifying Users Transparently
Traditionally, users identified by an authentication user name are explicitly 
prompted to enter a user name and password. The credentials the user enters are 
then validated against an authentication server, and then the Web Proxy applies 
the appropriate policies to the transaction based on the authenticated user name.
However, you can configure the Web Security appliance so that it identifies users 
by an authenticated user name transparently—that is, without prompting the end 
user. You might want to do this to:
  • Create a single sign-on environment so users are not aware of the presence of 
    a proxy on the network.
  • Apply authentication-based policies to transactions coming from client 
    applications that are incapable of displaying the authentication prompt to end 
    users.
Identifying users transparently only affects how the Web Proxy obtains the user 
name and assigns an Identity group. After it obtains the user name and assigns an 
Identity, it applies all other policies normally, regardless of how it assigned the 
Identity.
To identify users transparently, you must define at least one LDAP authentication 
realm that supports Novell eDirectory.
Note
You can also transparently identify remote users when using Secure Mobility 
Solution. For more information, see 
.