Cisco Cisco Web Security Appliance S160 Guía Del Usuario
5-34
AsyncOS 9.0 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Credentials
For Internet Explorer, be sure the Redirect Hostname is the short host name (containing no dots) or the
NetBIOS name rather than a fully qualified domain. Alternatively, you can add the appliance host name
to Internet Explorer’s Local intranet zone (Tools > Internet options > Security tab); however, this will be
required on every client. For more information about this, see
NetBIOS name rather than a fully qualified domain. Alternatively, you can add the appliance host name
to Internet Explorer’s Local intranet zone (Tools > Internet options > Security tab); however, this will be
required on every client. For more information about this, see
With Firefox and other non-Microsoft browsers, the parameters network.negotiate-auth.delegation-uris,
network.negotiate-auth.trusted-uris and network.automatic-ntlm-auth.trusted-uris must be set to the
transparent-mode Redirect Hostname. You also can refer to
network.negotiate-auth.trusted-uris and network.automatic-ntlm-auth.trusted-uris must be set to the
transparent-mode Redirect Hostname. You also can refer to
. This
provides general information about changing Firefox parameters.
, or the CLI
command
Authentication and Authorization Failures
If authentication fails for accepted reasons, such as incompatible client applications, you can grant
guest access.
guest access.
If authentication succeeds but authorization fails, it is possible to allow re-authentication using a
different set of credentials that may be authorized to access the requested resource.
different set of credentials that may be authorized to access the requested resource.
Related Topics
•
•
Credential Format
Credential Encryption for Basic Authentication
About Credential Encryption for Basic Authentication
Enable credential encryption to transmit credentials over HTTPS in encrypted form. This increases
security of the basic authentication process.
security of the basic authentication process.
The Web Security appliance uses its own certificate and private key by default to create an HTTPS
connection with the client for the purposes of secure authentication. Most browsers will warn users,
however, that this certificate is not valid. To prevent users from seeing the invalid certificate message,
you can upload a valid certificate and key pair that your organization uses.
connection with the client for the purposes of secure authentication. Most browsers will warn users,
however, that this certificate is not valid. To prevent users from seeing the invalid certificate message,
you can upload a valid certificate and key pair that your organization uses.
Authentication Scheme
Credential Format
NTLMSSP
MyDomain\jsmith
Basic
jsmith
MyDomain\jsmith
Note
If the user does not enter the Windows domain, the Web Proxy
prepends the default Windows domain.
prepends the default Windows domain.