Cisco Web Security Appliance S190 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
Note
All sequence and realm names must be unique and only contain alphanumeric characters or the
space character. Also, if the Web Security appliance is managed by a Security Management
appliance, ensure that authentication realms on different Web Security appliances with the same
name have the exact same properties defined on each appliance.
Step 3
In the first row of the Realm Sequence for Basic Scheme area, choose the first authentication realm you
want to include in the sequence.
Step 4
In the second row of the Realm Sequence for Basic Scheme area, choose the next realm you want to
include in the sequence.
Step 5
(Optional) Click Add Row to include another realm that uses Basic credentials.
Note
You can delete a realm from the sequence by clicking the trash can icon for that row.
Step 6
If an NTLM realm is defined, choose an NTLM realm in the Realm for NTLMSSP Scheme field.
The Web Proxy uses this NTLM realm when the client sends NTLMSSP authentication credentials.
Step 7
Submit and commit your changes.
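The naming and consistency rules in the note above can be checked before you commit. The following is an added example, not part of the Cisco guide: it assumes realm definitions have already been collected into dictionaries keyed by appliance, reads "alphanumeric" as ASCII letters and digits, and uses constructed host names, realm names and property keys. It does not parse any appliance export format.

```python
import re
from collections import defaultdict

# Assumption: "alphanumeric" is read as ASCII letters and digits.
NAME_RE = re.compile(r"[A-Za-z0-9 ]+")

def check_names(realms, sequences):
    """Return problems for one appliance: illegal characters or duplicate names."""
    problems = []
    seen = set()
    # Realm and sequence names share one namespace per the note.
    for name in list(realms) + list(sequences):
        if not NAME_RE.fullmatch(name):
            problems.append(f"invalid characters: {name!r}")
        if name in seen:
            problems.append(f"duplicate name: {name!r}")
        seen.add(name)
    return problems

def find_drift(appliances):
    """Return {realm: {property: {appliance: value}}} for same-named realms that differ."""
    by_realm = defaultdict(dict)
    for host, realms in appliances.items():
        for name, props in realms.items():
            by_realm[name][host] = props
    drift = {}
    for name, per_host in by_realm.items():
        keys = set().union(*per_host.values())
        # Keep only the properties whose values are not identical everywhere.
        diff = {k: {h: p.get(k) for h, p in per_host.items()} for k in keys
                if len({repr(p.get(k)) for p in per_host.values()}) > 1}
        if diff:
            drift[name] = diff
    return drift

# Constructed sample data (hypothetical hosts, realm names and property keys).
APPLIANCES = {
    "wsa-a": {"Corp LDAP": {"protocol": "LDAP", "port": 389},
              "Corp NTLM": {"protocol": "NTLM", "domain": "CORP"}},
    "wsa-b": {"Corp LDAP": {"protocol": "LDAP", "port": 636},
              "Corp NTLM": {"protocol": "NTLM", "domain": "CORP"}},
}

if __name__ == "__main__":
    print(check_names(APPLIANCES["wsa-a"], ["All Realms", "Corp_LDAP first"]))
    print(find_drift(APPLIANCES))
```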
Deleting Authentication Sequences
If you delete an authentication sequence, any Access Policy group that depends on the deleted sequence
becomes disabled.
Step 1
On the Network > Authentication page, click the trash can icon for the sequence name.
Step 2
Confirm that you want to delete the sequence by clicking Delete.
Step 3
Commit your changes.
Appliance Behavior with Multiple Authentication Realms
You can configure the Web Security appliance to attempt authenticating clients against multiple
authentication servers, and against authentication servers with different authentication protocols. When
you configure the appliance to authenticate against multiple authentication servers, it only requests the
credentials from the clients once. This is true even when you configure the appliance to authenticate
against different protocols.
You might want to configure an Identity group to authenticate against different realms if your
organization acquires another organization that has its own authentication server using the same or a
different authentication protocol. That way, you can create one Identity group for all users and assign to
the Identity group an authentication sequence that contains a realm for each authentication server.
When you assign an authentication sequence with multiple realms to an Identity group and a client sends
a web request, the appliance performs the following actions:
1. The appliance gets the credentials from the client.