Cisco Cisco Web Security Appliance S370 Guía Del Usuario
20-5
Cisco IronPort AsyncOS 7.0 for Web User Guide
OL-23079-01
Chapter 20 Authentication
Understanding How Authentication Works
authentication. Or, you can define an Identity policy based on a custom URL
category to exclude all clients from requiring authentication when accessing
particular URLs.
category to exclude all clients from requiring authentication when accessing
particular URLs.
•
Authentication server is unavailable. An authentication server might be
unavailable if the network connection is broken or if the server is
experiencing a problem. To avoid this problem, configure the “Action if
Authentication Service Unavailable” global authentication setting. For more
information, see
unavailable if the network connection is broken or if the server is
experiencing a problem. To avoid this problem, configure the “Action if
Authentication Service Unavailable” global authentication setting. For more
information, see
.
•
Invalid credentials. When a client passes invalid authentication credentials,
the Web Proxy continually requests valid credentials, essentially blocking
access to the web by default. However, you can grant limited access to users
who fail authentication. For more information, see
the Web Proxy continually requests valid credentials, essentially blocking
access to the web by default. However, you can grant limited access to users
who fail authentication. For more information, see
Note
You can configure the Web Proxy to request authentication again if an
authenticated user is blocked from a website due to restrictive URL filtering or
being prevented from logging into multiple machines simultaneously. To do this,
enable the “Enable Re-Authentication Prompt If End User Blocked by URL
Category or User Session Restriction” global authentication setting. For more
information, see
authenticated user is blocked from a website due to restrictive URL filtering or
being prevented from logging into multiple machines simultaneously. To do this,
enable the “Enable Re-Authentication Prompt If End User Blocked by URL
Category or User Session Restriction” global authentication setting. For more
information, see
.
Understanding How Authentication Works
To authenticate users who access the web, the Web Security appliance connects
to an external authentication server. The authentication server contains a list of
users and their corresponding passwords and it organizes the users into a
hierarchy. For users on the network to successfully authenticate, they must
provide valid authentication credentials (user name and password as stored in the
authentication server).
to an external authentication server. The authentication server contains a list of
users and their corresponding passwords and it organizes the users into a
hierarchy. For users on the network to successfully authenticate, they must
provide valid authentication credentials (user name and password as stored in the
authentication server).
When users access the web through a Web Security appliance that requires
authentication, the Web Proxy asks the client for authentication credentials. The
Web Proxy communicates with both the client and the authentication server to
authenticate the user and process the request.
authentication, the Web Proxy asks the client for authentication credentials. The
Web Proxy communicates with both the client and the authentication server to
authenticate the user and process the request.
shows how the Web Security appliance communicates with clients
and authentication servers.