Cisco Cisco Web Security Appliance S380 User Guide
5-22
AsyncOS 8.1 for Cisco Web Security User Guide
Chapter 5 Acquire End-User Credentials
Failed Authentication
Step 4
Submit and commit your changes.
Failed Authorization: Allowing Re-Authentication with Different Credentials
•
•
About Allowing Re-Authentication with Different Credentials
Use re-authentication to allow users the opportunity to authenticate again, using different credentials, if
the credentials they previously used have failed authorization. A user may authenticate successfully but
still be prevented from accessing a web resource if not authorized to do so. This is because authentication
merely identifies users for the purpose of passing their verified credentials on to policies, but it is the
policies that authorize those users (or not) to access resources.
the credentials they previously used have failed authorization. A user may authenticate successfully but
still be prevented from accessing a web resource if not authorized to do so. This is because authentication
merely identifies users for the purpose of passing their verified credentials on to policies, but it is the
policies that authorize those users (or not) to access resources.
A user must have authenticated successfully to be allowed to re-authenticate.
To use the re-authentication feature with user defined end-user notification pages, the CGI script that
parses the redirect URL must parse and use the Reauth_URL parameter.
parses the redirect URL must parse and use the Reauth_URL parameter.
Allowing Re-Authentication with Different Credentials
Step 1
Choose Network > Authentication.
Step 2
Click Edit Global Settings.
Step 3
Check the Re-Authentication Prompt If End User Blocked by URL Category Or User Session
Restriction check box.
Restriction check box.
Step 4
Click Submit.
Tracking Identified Users
Note
When the appliance is configured to use cookie-based authentication surrogates, it does not get cookie
information from clients for HTTPS and FTP over HTTP requests. Therefore, it cannot get the user name
from the cookie.
information from clients for HTTPS and FTP over HTTP requests. Therefore, it cannot get the user name
from the cookie.
Surrogate Types
Credential Encryption Disabled
Credential Encryption Enabled
Protocol:
HTTP
HTTPS &
FTP over
HTTP
HTTP
Native FTP
HTTP
HTTPS &
FTP over
HTTP
HTTP
Native FTP
No Surrogate
Yes
Yes
Yes
NA
NA
NA