Cisco Cisco Web Security Appliance S670 Mode D'Emploi
5-34
AsyncOS 9.0.1 for Cisco Web Security Appliances User Guide
Chapter 5 Acquire End-User Credentials
Failed Authentication
Supported Authentication Surrogates for Explicit Requests
Supported Authentication Surrogates for Transparent Requests
Note
See also the description of the Authentication Surrogates options in
.
* Works after the client makes a request to an HTTP site and is authenticated. Before this happens, the
behavior depends on the transaction type:
behavior depends on the transaction type:
•
Native FTP transactions. Transactions bypass authentication.
•
HTTPS transactions. Transactions are dropped. However, you can configure the HTTPS Proxy to
decrypt the first HTTPS request for authentication purposes.
decrypt the first HTTPS request for authentication purposes.
** When cookie-based authentication is used, the Web Proxy cannot authenticate the user for HTTPS,
native FTP, and FTP over HTTP transactions. Due to this limitation, all HTTPS, native FTP, and FTP
over HTTP requests bypass authentication, so authentication is not requested at all.
native FTP, and FTP over HTTP transactions. Due to this limitation, all HTTPS, native FTP, and FTP
over HTTP requests bypass authentication, so authentication is not requested at all.
*** No surrogate is used in this case even though cookie-based surrogate is configured.
Related Topics
•
Tracking Re-Authenticated Users
With re-authentication, if a more privileged user authenticates and is authorized, the Web Proxy caches
this user identity for different amounts of time depending on the authentication surrogates configured:
this user identity for different amounts of time depending on the authentication surrogates configured:
•
Session cookie. The privileged user identity is used until the browser is closed or the session
times out.
times out.
Surrogate Types
Credential Encryption Disabled
Credential Encryption Enabled
Protocol:
HTTP
HTTPS &
FTP over
HTTP
HTTP
Native FTP
HTTP
HTTPS &
FTP over
HTTP
HTTP
Native FTP
No Surrogate
Yes
Yes
Yes
NA
NA
NA
IP-based
Yes
Yes
Yes
Yes
Yes
Yes
Cookie-based
Yes
Yes***
Yes***
Yes
No/Yes**
Yes***
Surrogate Types
Credential Encryption Disabled
Credential Encryption Enabled
Protocol:
HTTP
HTTPS
Native FTP
HTTP
HTTPS
Native FTP
No Surrogate
NA
NA
NA
NA
NA
NA
IP-based
Yes
No/Yes*
No/Yes*
Yes
No/Yes*
No/Yes*
Cookie-based
Yes
No/Yes**
No/Yes**
Yes
No/Yes**
No/Yes**