Cisco Cisco Web Security Appliance S690 Guía Del Usuario
5-27
AsyncOS 9.2 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Authentication Sequences
About Authentication Sequences
Use authentication sequences to allow single Identities to authenticate users via different authentication
servers or protocols. Authentication sequences are also useful for providing backup options in case
primary authentication options become unavailable.
servers or protocols. Authentication sequences are also useful for providing backup options in case
primary authentication options become unavailable.
Authentication sequences are collections of two or more authentication realms. The realms used can
have different authentication servers and different authentication protocols. For more information on
authentication realms, see
have different authentication servers and different authentication protocols. For more information on
authentication realms, see
After you create a second authentication realm, the appliance automatically displays a Realm Sequences
section under Network > Authentication and includes a default authentication sequence named All
Realms. The All Realms sequence automatically includes each realm you define. You can change the
order of the realms within the All Realms sequence, but you cannot delete the All Realms sequence or
remove any realms from it.
section under Network > Authentication and includes a default authentication sequence named All
Realms. The All Realms sequence automatically includes each realm you define. You can change the
order of the realms within the All Realms sequence, but you cannot delete the All Realms sequence or
remove any realms from it.
When multiple NTLM authentication realms are defined, the Web Security appliance uses the
NTLMSSP authentication scheme with only one NTLM authentication realm per sequence. You can
choose which NTLM authentication realm to use for NTLMSSP within each sequence, including the All
Realms sequence. To use NTLMSSP with multiple NTLM realms, define a separate Identification
Profile for each realm.
NTLMSSP authentication scheme with only one NTLM authentication realm per sequence. You can
choose which NTLM authentication realm to use for NTLMSSP within each sequence, including the All
Realms sequence. To use NTLMSSP with multiple NTLM realms, define a separate Identification
Profile for each realm.
Which authentication realms within a sequence get used during authentication depends on:
•
The authentication scheme used. This is generally dictated by the type of credentials entered at
the client.
the client.
•
The order in which realms are listed within the sequence (for Basic realms only, as only one
NTLMSSP realm is possible).
NTLMSSP realm is possible).
Tip
For optimal performance, authenticate clients on the same subnet using a single realm.
Creating Authentication Sequences
Before You Begin
•
Create two or more authentication realms (see
).
•
If the Web Security appliance is managed by a Security Management appliance, ensure that
same-named authentication realms on different Web Security appliances have identical properties
defined on each appliance. Be aware that AsyncOS will use the realms to process authentication
sequentially, beginning with the first realm in the list.
same-named authentication realms on different Web Security appliances have identical properties
defined on each appliance. Be aware that AsyncOS will use the realms to process authentication
sequentially, beginning with the first realm in the list.
Step 1
Choose Network > Authentication
Step 2
Click Add Sequence.
Step 3
Enter a unique name for the sequence using alphanumeric and space characters.
Step 4
In the first row of the Realm Sequence for Basic Scheme area, choose the first authentication realm you
want to include in the sequence.
want to include in the sequence.
Step 5
In the second row of the Realm Sequence for Basic Scheme area, choose the next realm you want to
include in the sequence.
include in the sequence.
Step 6
(Optional) Click Add Row to include another realm that uses Basic credentials.