Cisco Cisco Web Security Appliance S690 User Guide
AsyncOS 8.7 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Realms
Step 1  Choose Network > Authentication.
Step 2  Click Edit Global Settings.
Step 3  Edit the settings in the Global Authentication Settings section:
The remaining authentication settings you can configure depend on how the Web Proxy is deployed: in transparent or explicit forward mode.
Setting
Description
Action if Authentication Service Unavailable
Choose one of the following values:
• Permit traffic to proceed without authentication. Processing continues as if the user was authenticated.
• Block all traffic if user authentication fails. Processing is discontinued and all traffic is blocked.
Failed Authentication Handling
When you grant users guest access in an Identification Profile policy, this setting determines how the Web Proxy identifies and logs the user as a guest in the access logs.
For more information on granting users guest access, see
.
Re-authentication (Enable Re-Authentication Prompt If End User Blocked by URL Category or User Session Restriction)
This setting allows users to authenticate again if the user is blocked from a website due to a restrictive URL filtering policy or due to being restricted from logging into another IP address.
The user sees a block page that includes a link that allows them to enter new authentication credentials. If the user enters credentials that allow greater access, the requested page appears in the browser.
Note: This setting only applies to authenticated users who are blocked due to restrictive URL filtering policies or User Session Restrictions. It does not apply to blocked transactions by subnet with no authentication.
For more information, see
.
Basic Authentication Token TTL
Controls the length of time that user credentials are stored in the cache before revalidating them with the authentication server. This includes the username and password and the directory groups associated with the user.
The default value is the recommended setting. When the Surrogate Timeout setting is configured and is greater than the Basic Authentication Token TTL, then the Surrogate Timeout value takes precedence and the Web Proxy contacts the authentication server after surrogate timeout expires.