Cisco Cisco Web Security Appliance S690 User Guide
8-8
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 8 Identities
Matching Client Requests to Identity Groups
•
A user sends a request from an application that chooses NTLMSSP over Basic.
•
The user only exists in the LDAP realm.
When this happens, the Web Proxy uses the NTLMSSP scheme to authenticate users in this Identity
group because the client requests it. However, LDAP servers do not support NTLMSSP, so no user that
exists only in the specified LDAP server(s) can pass authentication in this Identity group.
group because the client requests it. However, LDAP servers do not support NTLMSSP, so no user that
exists only in the specified LDAP server(s) can pass authentication in this Identity group.
Therefore, when you need to use an authentication sequence that contains both LDAP and NTLM
realms, consider the client applications that might try to access a URL when you configure the
authentication scheme for an Identity group. For example, you might want to choose Basic as the only
authentication scheme for an Identity group in some cases.
realms, consider the client applications that might try to access a URL when you configure the
authentication scheme for an Identity group. For example, you might want to choose Basic as the only
authentication scheme for an Identity group in some cases.
Matching Client Requests to Identity Groups
shows how the Web Proxy evaluates a client request against the Identity groups
when the Identity is configured to use:
•
No authentication surrogates
•
IP addresses as authentication surrogates
•
Cookies as authentication surrogates with transparent requests
•
Cookies as authentication surrogates with explicit requests and credential encryption is enabled
shows how the Web Proxy evaluates a client request against the Identity groups
when the Identity is configured to use cookies as the authentication surrogates, credential encryption is
enabled, and the request is explicitly forwarded.
enabled, and the request is explicitly forwarded.