Cisco Cisco Web Security Appliance S370 사용자 가이드

When you assign an authentication sequence with multiple realms to a policy 
group and a client sends a content request, the appliance performs the following 
actions:

The appliance gets the credentials from the client.

The appliance attempts to authenticate the client against the authentication 
server(s) defined in the first realm in the sequence. 

If the client credentials do not match a user in the servers defined in the first 
realm, it tries to authenticate against the authentication server(s) in the next realm 
in the sequence.

The appliance continues trying to authenticate the client against servers in the 
next realms until it either succeeds or runs out of authentication realms.

When authentication succeeds, the appliance passes the content response to the 
client.

When the appliance fails to authenticate the client against any authentication 
realm in the sequence, the appliance does not allow the client to connect to the 
destination server. Instead, it displays an error message to the client.

Tip: For optimal performance, configure clients on a subnet to be authenticated 
in a single realm.

When you create or edit an authentication realm, you enter a lot of configuration 
settings to connect to the authentication server. You can test the settings you enter 
before submitting the changes to verify you entered the connection information 
correctly.

You can test authentication setting from either the CLI or the web interface:

Web interface. Use Start Test when you create or edit an authentication 
realm. For more information, see 

CLI command. Use the 

testauthconfig

 command. For more information, 

see 

.