Cisco Web Security Appliance S390 Operating Instructions

AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 5: Acquire End-User Credentials
Authentication Realms
Configure query wait time for Novell eDirectory – The length of time, in seconds, to wait for a reply from the eDirectory server. When the query takes more than this value, transparent user identification is considered to have failed. This limits the authentication delay experienced by the end user.
The Active Directory settings apply to all AD realms using an AD agent for transparent user 
identification. The eDirectory settings apply to all LDAP realms using eDirectory for transparent 
user identification.
If validation fails for any one parameter, none of the values will be changed.
tuistatus – This command provides the following AD-related subcommands:
  adagentstatus – Displays the current status of all AD agents, as well as information about their connections with the Windows domain controllers.
  listlocalmappings – Lists all IP-address-to-user-name mappings stored on the Web Security appliance, as retrieved by the AD agent(s). It does not list entries stored on the agent(s), nor does it list mappings for which queries are currently in progress.
Configuring Single-Sign-on
Obtaining credentials transparently facilitates a single-sign-on environment. Transparent user 
identification is an authentication realm setting.
For Internet Explorer, be sure the Redirect Hostname is the short host name (containing no dots) or the 
NetBIOS name rather than a fully qualified domain. Alternatively, you can add the appliance host name 
to Internet Explorer’s Local intranet zone (Tools > Internet options > Security tab); however, this will be 
required on every client. For more information about this, see 
With Firefox and other non-Microsoft browsers, the parameters network.negotiate-auth.delegation-uris, 
network.negotiate-auth.trusted-uris and network.automatic-ntlm-auth.trusted-uris must be set to the 
transparent-mode Redirect Hostname. You also can refer to 
. This 
 provides general information about changing Firefox parameters.
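The following Python check is an added example, not part of the Cisco guide. It audits the text of a Firefox profile's prefs.js for the three parameters named above and reports entries that are missing the Redirect Hostname or are not limited to a host. The hostname wsa-proxy and the sample preference lines are constructed for illustration.

```python
import re

# The three Firefox parameters the guide says must carry the Redirect Hostname.
REQUIRED_PREFS = (
    "network.negotiate-auth.delegation-uris",
    "network.negotiate-auth.trusted-uris",
    "network.automatic-ntlm-auth.trusted-uris",
)
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;', re.M)

# Constructed sample of prefs.js content (not taken from a real profile).
SAMPLE_PREFS = '''
user_pref("network.negotiate-auth.trusted-uris", "wsa-proxy");
user_pref("network.negotiate-auth.delegation-uris", "http://wsa-proxy");
user_pref("network.automatic-ntlm-auth.trusted-uris", "https://, intranet.example");
'''

def parse_prefs(text):
    """Return {parameter name: [comma-separated entries]} for string-valued prefs."""
    return {name: [e.strip() for e in value.split(",") if e.strip()]
            for name, value in PREF_RE.findall(text)}

def entry_host(entry):
    """Reduce an entry such as 'https://wsa-proxy:443/' or 'wsa-proxy' to its host."""
    return re.sub(r"^[a-z]+://", "", entry.lower()).split("/")[0].split(":")[0]

def audit(prefs_text, redirect_hostname):
    """Return a list of findings; an empty list means the profile matches the guide."""
    prefs, host, findings = parse_prefs(prefs_text), redirect_hostname.lower(), []
    if "." in host:
        # Per the guide, Internet Explorer expects the short or NetBIOS name,
        # otherwise the name must be added to the Local intranet zone per client.
        findings.append("redirect hostname contains dots")
    for name in REQUIRED_PREFS:
        entries = prefs.get(name, [])
        hosts = [entry_host(e) for e in entries]
        if host not in hosts:
            findings.append(f"{name}: missing {redirect_hostname}")
        for entry, entry_h in zip(entries, hosts):
            if entry_h == "":
                # A scheme-only entry such as 'https://' has no host part,
                # so it is not limited to the appliance.
                findings.append(f"{name}: over-broad entry {entry!r}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_PREFS, "wsa-proxy"):
        print(finding)
```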
For information about the Redirect Hostname, see 
, or the CLI 
comman
Authentication Realms
Authentication realms define the details required to contact the authentication servers and specify which 
authentication scheme to use when communicating with clients. AsyncOS supports multiple 
authentication realms. Realms can also be grouped into authentication sequences that allow users with 
different authentication requirements to be managed through the same policies.