Cisco Cisco Web Security Appliance S690 User Guide

Choose the settings in the Authentication Surrogate section, when authentication is required (a 
protocol must first be defined). These settings specify the way that transactions will be associated with a 
user after the user has authenticated successfully. 

Options vary depending on the Web Proxy deployment mode.

You can define a timeout valve for the authentication surrogate for all requests using Global 
Authentication Settings.

IP Address

The Web Proxy tracks an authenticated user at a particular IP address. 

For transparent user identification, choose IP Address.

Persistent Cookie 

The Web Proxy tracks an authenticated user on a particular application by 
generating a persistent cookie for each user per application. Closing the 
application does not remove the cookie. 

Session Cookie 

The Web Proxy tracks an authenticated user on a particular application by 
generating a session cookie for each user per domain per application. (However, 
when a user provides different credentials for the same domain from the same 
application, the cookie is overwritten.) Closing the application removes the 
cookie. 

No Surrogate 

The Web Proxy does not use a surrogate to cache the credentials, and it tracks an 
authenticated user for every new TCP connection. When you choose this option, 
the web interface disables other settings that no longer apply. This option is 
available only in explicit forward mode and when you disable credential 
encryption on the Network > Authentication page.

Apply same surrogate 
settings to explicit 
forward requests

Select whether or not the surrogate used for transparent requests should also 
be used for explicit requests. 

Selecting this will enable credential encryption automatically.

This option appears only when the Web Proxy is deployed in transparent 
mode.