Cisco Cisco Web Security Appliance S170 Guía Del Usuario
T R A C K I N G A U T H E N T I C A T E D U S E R S
C H A P T E R 1 7 : A U T H E N T I C A T I O N
389
TR A C K I N G A U T H E N T I C A T E D U S E R S
Table 17-11 describes which authentication surrogates are supported with other
configurations and different types of requests (explicitly forwarded and transparently
redirected).
configurations and different types of requests (explicitly forwarded and transparently
redirected).
* Works after the client makes a request to an HTTP site and is authenticated. All requests to
HTTPS sites before this happens are dropped citing authentication failure.
HTTPS sites before this happens are dropped citing authentication failure.
** When cookie-based authentication is used, the Web Proxy cannot authenticate the user for
HTTPS and FTP over HTTP transactions. Due to this limitation, all HTTPS and FTP over HTTP
requests bypass authentication, so authentication is not requested at all. For more information
on how HTTPS requests are assigned Identity and non-Identity policy groups, see “How
Authentication Affects HTTPS and FTP over HTTP Requests” on page 149.
HTTPS and FTP over HTTP transactions. Due to this limitation, all HTTPS and FTP over HTTP
requests bypass authentication, so authentication is not requested at all. For more information
on how HTTPS requests are assigned Identity and non-Identity policy groups, see “How
Authentication Affects HTTPS and FTP over HTTP Requests” on page 149.
*** No surrogate is used in this case even though cookie-based surrogate is configured.
Table 17-11 Supported Authentication Surrogates
Surrogate
Types
Types
Explicit Requests
Transparent Requests
Credential
Encryption:
Encryption:
Disabled
Enabled
Disabled
Enabled
Protocol:
HTTP
HTTPS &
FTP over
HTTP
FTP over
HTTP
HTTP
HTTPS &
FTP over
HTTP
FTP over
HTTP
HTTP
HTTPS
HTTP
HTTPS
No Surrogate
Yes
Yes
NA
NA
NA
NA
NA
NA
IP-based
Yes
Yes
Yes
Yes
Yes
No/Yes*
Yes
No/Yes*
Cookie-based
Yes
Yes***
Yes
No/Yes**
Yes
No/
Yes**
Yes**
Yes
No/
Yes**
Yes**