Cisco Cisco Web Security Appliance S670 User Guide
338
I R O N P O R T A S Y N C O S 6 . 3 F O R W E B U S E R G U I D E
• Basic. Allows a client application to provide authentication credentials in the form of a
user name and password when it makes a request. You can use the Basic authentication
scheme with either an LDAP or Active Directory server.
scheme with either an LDAP or Active Directory server.
• NTLMSSP. Allows the client application to provide authentication credentials in the form
of a challenge and response. It uses a binary message format to authenticate clients that
use the NTLM protocol to access network resources. You can use the NTLMSSP
authentication scheme only with an Active Directory server. When the Web Proxy uses
NTLMSSP, most client applications can use the Windows login credentials for
authentication and users do not need to enter their credentials again. This is called “single
sign-on.”
use the NTLM protocol to access network resources. You can use the NTLMSSP
authentication scheme only with an Active Directory server. When the Web Proxy uses
NTLMSSP, most client applications can use the Windows login credentials for
authentication and users do not need to enter their credentials again. This is called “single
sign-on.”
Table 16-1 describes the different authentication scenarios you can configure between the
Web Security appliance and the client and between the Web Security appliance and the
authentication server.
Web Security appliance and the client and between the Web Security appliance and the
authentication server.
Web Proxy deployment also affects how authentication works in each of the scenarios
described in Table 16-1. For more information, see “How Web Proxy Deployment Affects
Authentication” on page 339.
described in Table 16-1. For more information, see “How Web Proxy Deployment Affects
Authentication” on page 339.
Basic versus NTLMSSP Authentication Schemes
When you configure an Identity group to use authentication, you choose the authentication
scheme, either Basic or NTLMSSP. The authentication scheme affects the user experience and
the security of users’ passwords.
scheme, either Basic or NTLMSSP. The authentication scheme affects the user experience and
the security of users’ passwords.
Table 16-1 Web Security Appliance Authentication Scenarios
Client to Web Security
Appliance
Appliance
Web Security Appliance to
Authentication Server
Authentication Server
Authentication Server Type
Basic LDAP LDAP
server
Basic
LDAP
Active Directory server using LDAP
Basic
NTLM
Active Directory server using NTLM
NTLMSSP
NTLM
Active Directory server using NTLM