Cisco Cisco Web Security Appliance S690 User Guide
![Cisco](https://files.manualsbrain.com/attachments/7380d0050044647c30f5c24bbbf5d0c0b6d9bb84/common/fit/150/50/faa183d287233c52228cfea3dbc2a127fe780f60564fcb0955d9c3d1cd23/brand_logo.png)
6-6
AsyncOS 8.5 for Cisco Web Security Appliances User Guide
Chapter 6 Classify End-Users and Client Software
Classifying Users and Client Software
Step 12
Choose the settings in the Authentication Surrogate section, when authentication is required (a
protocol must first be defined). These settings specify the way that transactions will be associated with a
user after the user has authenticated successfully.
protocol must first be defined). These settings specify the way that transactions will be associated with a
user after the user has authenticated successfully.
Options vary depending on the Web Proxy deployment mode.
Note
You can define a timeout valve for the authentication surrogate for all requests using Global
Authentication Settings.
Authentication Settings.
Surrogate Type
Description
IP Address
The Web Proxy tracks an authenticated user at a particular IP address.
Tip
For transparent user identification, choose IP Address.
Persistent Cookie
The Web Proxy tracks an authenticated user on a particular application by
generating a persistent cookie for each user per application. Closing the
application does not remove the cookie.
generating a persistent cookie for each user per application. Closing the
application does not remove the cookie.
Session Cookie
The Web Proxy tracks an authenticated user on a particular application by
generating a session cookie for each user per domain per application. (However,
when a user provides different credentials for the same domain from the same
application, the cookie is overwritten.) Closing the application removes the
cookie.
generating a session cookie for each user per domain per application. (However,
when a user provides different credentials for the same domain from the same
application, the cookie is overwritten.) Closing the application removes the
cookie.
No Surrogate
The Web Proxy does not use a surrogate to cache the credentials, and it tracks an
authenticated user for every new TCP connection. When you choose this option,
the web interface disables other settings that no longer apply. This option is
available only in explicit forward mode and when you disable credential
encryption on the Network > Authentication page.
authenticated user for every new TCP connection. When you choose this option,
the web interface disables other settings that no longer apply. This option is
available only in explicit forward mode and when you disable credential
encryption on the Network > Authentication page.
Apply same surrogate
settings to explicit
forward requests
settings to explicit
forward requests
Select whether or not the surrogate used for transparent requests should also
be used for explicit requests.
be used for explicit requests.
Selecting this will enable credential encryption automatically.
This option appears only when the Web Proxy is deployed in transparent
mode.
mode.