Cisco Web Security Appliance S170 User Guide
Chapter 20 Authentication
Understanding How Authentication Works
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
authentication.
Transparent Deployment, Basic Authentication
The 407 HTTP response “Proxy Authentication Required” is allowed from proxy
servers only. However, when the Web Proxy is deployed in transparent mode, its
existence is hidden from client applications on the network. Therefore, the Web
Proxy cannot return a 407 response.
To address this problem, the authentication process comprises these steps:
Step 1  Client sends a request to a web page and the Web Proxy transparently intercepts it.
Step 2  Web Proxy uses a 307 HTTP response to redirect the client to the Web Proxy, which masquerades as a local web server.
Step 3  Client sends a request to the redirected URL.
Step 4  Web Proxy sends a 401 HTTP response “Authorization required.”
Step 5  User is prompted for credentials and enters them.
Step 6  Client sends the request again, but this time with the credentials in an “Authorization” HTTP header.
Step 7  Web Proxy confirms the credentials, tracks the user by IP address or with a cookie, and then redirects the client to the originally requested server.

Note: You can configure the Web Proxy to use either IP addresses or cookies to track authenticated users.
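
The seven steps above, replayed as a small Python simulation that also shows how the Base64 value in the “Authorization” header decodes straight back to the user name and password. This is an added example, not Cisco's code: the host name proxy-auth.example, the orig query parameter, the user table, and the 307 status used for the final redirect are assumptions.

```python
import base64, hmac
from urllib.parse import quote, urlsplit, parse_qs

AUTH_HOST = "proxy-auth.example"   # hypothetical host the proxy masquerades as
USERS = {"alice": "s3cret"}        # constructed credential store
authenticated_ips = set()          # users tracked by client IP address

def decode_basic(header):
    """Return (user, password) from a Basic Authorization header, else None."""
    scheme, _, blob = header.partition(" ")
    if scheme.lower() != "basic":
        return None
    try:
        text = base64.b64decode(blob, validate=True).decode("utf-8")
    except ValueError:             # covers bad Base64 and bad UTF-8
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def proxy_handle(client_ip, host, path, headers):
    """Return (status, response headers) for one intercepted request."""
    if host != AUTH_HOST:
        if client_ip in authenticated_ips:
            return 200, {}         # already tracked: request passes through
        # Steps 1-2: intercept, then redirect to the proxy posing as a server
        orig = quote(f"http://{host}{path}", safe="")
        return 307, {"Location": f"http://{AUTH_HOST}/?orig={orig}"}
    creds = decode_basic(headers.get("Authorization", ""))
    expected = USERS.get(creds[0]) if creds else None
    if expected is None or not hmac.compare_digest(expected.encode(), creds[1].encode()):
        # Steps 3-4: 401, not 407, because the client believes this is a web server
        return 401, {"WWW-Authenticate": 'Basic realm="Web Proxy"'}
    # Step 7: credentials confirmed; track the IP and send the client back
    authenticated_ips.add(client_ip)
    target = parse_qs(urlsplit(path).query).get("orig", ["/"])[0]
    return 307, {"Location": target}   # redirect status code is an assumption

def walk_through():
    """Replay steps 1-7 for one client; return statuses, final URL, decoded creds."""
    ip, statuses = "10.0.0.5", []
    status, resp = proxy_handle(ip, "www.example.com", "/news", {})
    statuses.append(status)
    path = resp["Location"].split(AUTH_HOST, 1)[1]
    statuses.append(proxy_handle(ip, AUTH_HOST, path, {})[0])
    # Steps 5-6: the user's credentials travel as reversible Base64
    hdr = {"Authorization": "Basic " + base64.b64encode(b"alice:s3cret").decode()}
    status, resp = proxy_handle(ip, AUTH_HOST, path, hdr)
    statuses.append(status)
    return statuses, resp["Location"], decode_basic(hdr["Authorization"])
```

With IP-based tracking, any later request from 10.0.0.5 passes without credentials, so hosts that share an address (NAT, terminal servers) share the authenticated state.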
Advantages
• RFC-based
• Supported by all browsers and most other applications
• Minimal overhead
• Works for HTTPS (CONNECT) requests

Disadvantages
• Password sent as clear text (Base64) for every request
• No single sign-on