Cisco Cisco Web Security Appliance S670 Mode D'Emploi
7-5
Cisco AsyncOS for Web User Guide
Chapter 7 Classify End-Users and Client Software
Classifying Users and Client Software
Step 10
If you chose an Active Directory authentication realm or sequence that contains an Active Directory
authentication realm, then choose the authentication scheme in the Select a Scheme field.
authentication realm, then choose the authentication scheme in the Select a Scheme field.
Step 11
Choose the settings in the Authentication Surrogate section, when authentication is required (a
protocol must first be defined). These settings specify the way that transactions will be associated with a
user after the user has authenticated successfully.
protocol must first be defined). These settings specify the way that transactions will be associated with a
user after the user has authenticated successfully.
Options vary depending on the Web Proxy deployment mode.
Identify Users
Transparently
Transparently
The user is identified by the current
IP address to user name mapping.
This option appears when at least
one authentication realm is defined
that supports transparent user
identification.
IP address to user name mapping.
This option appears when at least
one authentication realm is defined
that supports transparent user
identification.
Note
(For deployments with a
Security Management
appliance) When
configuring Identities on a
Security Management
appliance, this option
appears when a Web
Security appliance with an
authentication realm that
supports transparent user
identification has been
added as a managed
appliance.
Security Management
appliance) When
configuring Identities on a
Security Management
appliance, this option
appears when a Web
Security appliance with an
authentication realm that
supports transparent user
identification has been
added as a managed
appliance.
a.
In the Select a Realm or Sequence field,
choose a defined authentication realm that
supports transparent user identification;
choose a defined authentication realm that
supports transparent user identification;
–
an LDAP authentication realm that
supports Novell eDirectory
supports Novell eDirectory
–
an NTLM authentication realm that is
enabled for transparent user
identification.
enabled for transparent user
identification.
–
You can also choose a sequence that
contains only realms that support
transparent user identification.
contains only realms that support
transparent user identification.
b.
Choose whether to grant users guest access,
or force an authentication prompt to appear
to end users when transparent user
identification fails.
or force an authentication prompt to appear
to end users when transparent user
identification fails.
c.
To grant guest access to users who fail
authentication due to invalid credentials,
select the Support Guest privileges check
box.
authentication due to invalid credentials,
select the Support Guest privileges check
box.
Authenticate
User
User
The user is identified by the
authentication credentials entered.
This option appears when at least
one authentication realm is defined
authentication credentials entered.
This option appears when at least
one authentication realm is defined
a.
In the Select a Realm or Sequence field,
choose a defined authentication realm or
sequence.
choose a defined authentication realm or
sequence.
b.
To grant guest access to users who fail
authentication due to invalid credentials,
select the Support Guest privileges check
box.
authentication due to invalid credentials,
select the Support Guest privileges check
box.
Option
Description
Method
Surrogate Type
Description
IP Address
The Web Proxy tracks an authenticated user at a particular IP address.
Tip
For transparent user identification, choose IP Address.
Persistent Cookie
The Web Proxy tracks an authenticated user on a particular application by
generating a persistent cookie for each user per application. Closing the
application does not remove the cookie.
generating a persistent cookie for each user per application. Closing the
application does not remove the cookie.