Cisco Web Security Appliance S690 User Guide
Cisco AsyncOS for Web User Guide
Chapter 6 Acquire End-User Credentials
Authentication Realms
The remaining authentication settings you can configure depend on how the Web Proxy is deployed, in
transparent or explicit forward mode.
Step 4
If the Web Proxy is deployed in transparent mode, edit the settings as follows:
Re-authentication (Enable Re-Authentication Prompt If End User Blocked by URL Category or User Session Restriction)
This setting allows users to authenticate again if the user is blocked
from a website due to a restrictive URL filtering policy or due to being
restricted from logging into another IP address.
The user sees a block page that includes a link that allows them to enter
new authentication credentials. If the user enters credentials that allow
greater access, the requested page appears in the browser.
Note: This setting only applies to authenticated users who are blocked
due to restrictive URL filtering policies or User Session Restrictions.
It does not apply to blocked transactions by subnet with no
authentication.
For more information, see
.
Basic Authentication Token TTL
Controls the length of time that user credentials are stored in the cache
before revalidating them with the authentication server. This includes
the username and password and the directory groups associated with
the user.
The default value is the recommended setting. When the Surrogate
Timeout setting is configured and is greater than the Basic
Authentication Token TTL, the Surrogate Timeout value takes
precedence and the Web Proxy contacts the authentication server after
the surrogate timeout expires.
Setting
Description
Credential Encryption
This setting specifies whether or not the client sends the login credentials to
the Web Proxy through an encrypted HTTPS connection.
This setting applies to both Basic and NTLMSSP authentication schemes,
but it is particularly useful for the Basic authentication scheme because user
credentials are sent as plain text.
For more information, see
HTTPS Redirect Port
Specify a TCP port to use for redirecting requests for authenticating users
over an HTTPS connection.
This specifies through which port the client will open a connection to the
Web Proxy using HTTPS. This occurs when credential encryption is enabled
or when using Access Control and users are prompted to authenticate.
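The Credential Encryption description above notes that Basic credentials are sent as plain text. As an added example (not from the Cisco guide), the following audit shows why: a Basic token is only Base64-encoded, so it is readable on any client-to-proxy connection that is not HTTPS. The `tls` flag, the sample captures and the function name are assumptions made for illustration.

```python
import base64
import binascii

# Constructed sample captures (not real traffic). "tls" records whether the
# client-to-proxy connection carrying the request was encrypted.
REQUEST_LINE = "GET http://example.com/ HTTP/1.1\r\n"
SAMPLE_REQUESTS = [
    {"tls": False, "headers": REQUEST_LINE +
        "Proxy-Authorization: Basic YWxpY2U6czNjcjN0\r\n\r\n"},
    {"tls": True, "headers": REQUEST_LINE +
        "Proxy-Authorization: Basic Ym9iOmh1bnRlcjI=\r\n\r\n"},
    {"tls": False, "headers": REQUEST_LINE +
        "Proxy-Authorization: NTLM TlRMTVNTUAABAAAAB4IIAA==\r\n\r\n"},
    {"tls": False, "headers": REQUEST_LINE +
        "Proxy-Authorization: Basic !!!notbase64\r\n\r\n"},
]

# Proxy-Authorization answers a 407 from a proxy; Authorization answers a 401.
AUTH_HEADERS = ("proxy-authorization", "authorization")


def find_exposed_basic(req):
    """Return a finding if Basic credentials crossed an unencrypted connection."""
    for line in req["headers"].split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() not in AUTH_HEADERS:
            continue
        scheme, _, token = value.strip().partition(" ")
        if scheme.lower() != "basic" or req["tls"]:
            continue  # not a plain-text password, or protected by HTTPS
        try:
            decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
        except (binascii.Error, UnicodeDecodeError):
            return {"header": name.strip(), "user": None, "note": "malformed token"}
        user, _, password = decoded.partition(":")
        # Report the username and password length only; never log the secret.
        return {"header": name.strip(), "user": user, "password_len": len(password)}
    return None


if __name__ == "__main__":
    for number, request in enumerate(SAMPLE_REQUESTS, start=1):
        print(number, find_exposed_basic(request))
```

Only the first and fourth constructed requests produce a finding: the second is protected by HTTPS, and the third uses NTLM, which does not carry the password itself in the header.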