Cisco Cisco Web Security Appliance S680 Guía Del Usuario
Chapter 20 Authentication
Testing Authentication Settings
20-20
Cisco IronPort AsyncOS 7.1 for Web User Guide
OL-23207-01
When you assign an authentication sequence with multiple realms to a policy
group and a client sends a content request, the appliance performs the following
actions:
group and a client sends a content request, the appliance performs the following
actions:
Step 1
The appliance gets the credentials from the client.
Step 2
The appliance attempts to authenticate the client against the authentication
server(s) defined in the first realm in the sequence.
server(s) defined in the first realm in the sequence.
Step 3
If the client credentials do not match a user in the servers defined in the first
realm, it tries to authenticate against the authentication server(s) in the next realm
in the sequence.
realm, it tries to authenticate against the authentication server(s) in the next realm
in the sequence.
Step 4
The appliance continues trying to authenticate the client against servers in the
next realms until it either succeeds or runs out of authentication realms.
next realms until it either succeeds or runs out of authentication realms.
Step 5
When authentication succeeds, the appliance passes the content response to the
client.
client.
Step 6
When the appliance fails to authenticate the client against any authentication
realm in the sequence, the appliance does not allow the client to connect to the
destination server. Instead, it displays an error message to the client.
realm in the sequence, the appliance does not allow the client to connect to the
destination server. Instead, it displays an error message to the client.
Tip: For optimal performance, configure clients on a subnet to be authenticated
in a single realm.
in a single realm.
Testing Authentication Settings
When you create or edit an authentication realm, you enter a lot of configuration
settings to connect to the authentication server. You can test the settings you enter
before submitting the changes to verify you entered the connection information
correctly.
settings to connect to the authentication server. You can test the settings you enter
before submitting the changes to verify you entered the connection information
correctly.
You can test authentication setting from either the CLI or the web interface:
•
Web interface. Use Start Test when you create or edit an authentication
realm. For more information, see
realm. For more information, see
.
•
CLI command. Use the
testauthconfig
command. For more information,
see
.