Cisco Web Security Appliance S380 User Guide
Cisco IronPort AsyncOS 7.7 for Web User Guide
Chapter 20 Authentication
Configuring Global Authentication Settings
Table 20-8 Global Authentication Settings (continued)

Setting: Re-authentication (Enable Re-Authentication Prompt If End User Blocked by URL Category or User Session Restriction)
Description: This setting allows users to authenticate again if the user is blocked from a website due to a restrictive URL filtering policy or due to being restricted from logging into another IP address.
The user sees a block page that includes a link that allows them to enter new authentication credentials. If the user enters credentials that allow greater access, the requested page appears in the browser.
Note: This setting only applies to authenticated users who are blocked due to restrictive URL filtering policies or User Session Restrictions. It does not apply to blocked transactions by subnet with no authentication.
For more information, see .

Setting: Basic Authentication Token TTL
Description: Controls the length of time that user credentials are stored in the cache before revalidating them with the authentication server. This includes the username and password and the directory groups associated with the user.
The default value is the recommended setting. When the Surrogate Timeout setting is configured and is greater than the Basic Authentication Token TTL, then the Surrogate Timeout value takes precedence and the Web Proxy contacts the authentication server after surrogate timeout expires.

The remaining authentication settings you can configure depend on how the Web Proxy is deployed, in transparent or explicit forward mode.

Step 3
If the Web Proxy is deployed in transparent mode, edit the settings in

Table 20-9 Transparent Proxy Mode Authentication Settings

Setting: Credential Encryption
Description: This setting specifies whether or not the client sends the login credentials to the Web Proxy through an encrypted HTTPS connection.
This setting applies to both Basic and NTLMSSP authentication schemes, but it is particularly useful for the Basic authentication scheme because user credentials are sent as plain text.
For more information, see .

Setting: HTTPS Redirect Port
Description: Specify a TCP port to use for redirecting requests for authenticating users over an HTTPS connection.
This specifies the port through which the client opens a connection to the Web Proxy using HTTPS. This occurs when credential encryption is enabled or when using SaaS Access Control and SaaS users are prompted to authenticate.