Cisco Cisco Web Security Appliance S170 ユーザーガイド

5-3

AsyncOS 8.5 for Cisco Web Security Appliances User Guide

Chapter 5 Acquire End-User Credentials

Authentication Realms

Tracking Credentials for Reuse During a Session

Using authentication surrogates, after a user authenticates once during a session, you can track
credentials for reuse throughout that session rather than having the user authenticate for each new
request. Authentication surrogates may be based on the IP address of the user’s workstation or on a
cookie that is assigned to the session.

Authentication and Authorization Failures

If authentication fails for accepted reasons, such as incompatible client applications, you can grant guest
access.

If authentication succeeds but authorization fails, it is possible to allow re-authentication using a
different set of credentials that may be authorized to access the requested resource.

Related Topics

•

Granting Guest Access After Failed Authentication, page 5-22

•

Allowing Re-Authentication with Different Credentials, page 5-23

Authentication Realms

Authentication realms define the details required to contact the authentication servers and specify which
authentication scheme to use when communicating with clients. AsyncOS supports multiple
authentication realms. Realms can also be grouped into authentication sequences that allow users with
different authentication requirements to be managed through the same policies.

•

External Authentication, page 5-3

•

Creating an Active Directory Realm for Kerberos Authentication Scheme, page 5-4

•

Creating an Active Directory Authentication Realm, page 5-6

•

Creating an LDAP Authentication Realm, page 5-8

•

About Deleting Authentication Realms, page 5-13

•

Configuring Global Authentication Settings, page 5-13