Cisco Cisco Web Security Appliance S170 Guida Utente
382
I R O N P O R T A S Y N C O S 6 . 5 F O R W E B U S E R G U I D E
Credential Cache Options:
Surrogate Type
Surrogate Type
This setting specifies the way that transactions used for
authenticating the client are associated with a user (either by
IP address or using a cookie) after the user has authenticated
successfully.
Choose one of the following options:
• IP Address. The Web Proxy authenticates the user at a
authenticating the client are associated with a user (either by
IP address or using a cookie) after the user has authenticated
successfully.
Choose one of the following options:
• IP Address. The Web Proxy authenticates the user at a
particular IP address. You can achieve single sign-on
behavior when you choose IP-based authentication.
behavior when you choose IP-based authentication.
• Persistent Cookie. The Web Proxy authenticates a user on
a particular application by generating a persistent cookie
for each user per application. The cookie is not removed
when the application is closed.
for each user per application. The cookie is not removed
when the application is closed.
• Session Cookie. The Web Proxy authenticates a user on a
particular application by generating a session cookie for
each user per application. The cookie is removed when
the application is closed.
each user per application. The cookie is removed when
the application is closed.
• No Surrogate. The Web Proxy does not use any surrogate
to cache the credentials, and it authenticates the user for
every new TCP connection. When you select this option,
the web interface disables other settings that no longer
apply. This option is available only when you disable
credential encryption.
every new TCP connection. When you select this option,
the web interface disables other settings that no longer
apply. This option is available only when you disable
credential encryption.
You might want to use IP-based authentication when there is
only one user on a client machine and you want users to be
able to achieve single sign-on behavior.
You might want to choose cookie-based authentication
when there are multiple users on one machine, such as a
Citrix server.
For more information about which authentication surrogates
are supported with other configurations and different types
of requests, see “Tracking Authenticated Users” on
page 389.
only one user on a client machine and you want users to be
able to achieve single sign-on behavior.
You might want to choose cookie-based authentication
when there are multiple users on one machine, such as a
Citrix server.
For more information about which authentication surrogates
are supported with other configurations and different types
of requests, see “Tracking Authenticated Users” on
page 389.
Credential Cache Options:
Surrogate Timeout
Surrogate Timeout
This setting specifies how long the Web Proxy waits before
asking the client for authentication credentials again. Until
the Web Proxy asks for credentials again, it uses the value
stored in the surrogate (IP address or cookie).
Note that it is common for user agents, such as browsers, to
cache the authentication credentials so the user will not be
prompted to enter credentials each time.
asking the client for authentication credentials again. Until
the Web Proxy asks for credentials again, it uses the value
stored in the surrogate (IP address or cookie).
Note that it is common for user agents, such as browsers, to
cache the authentication credentials so the user will not be
prompted to enter credentials each time.
Table 17-10 Explicit Forward Proxy Mode Authentication Settings (Continued)
Setting
Description