Cisco Cisco Web Security Appliance S390 사용자 가이드
U S I N G R E - A U T H E N T I C A T I O N W I T H I N T E R N E T E X P L O R E R
C H A P T E R 1 6 : A U T H E N T I C A T I O N
367
Using Re-Authentication with Internet Explorer
When you enable re-authentication and clients use Microsoft Internet Explorer, you need to
verify certain settings to ensure re-authentication works properly with Internet Explorer. Due
to a known issue with Internet Explorer, re-authentication does not work properly under the
following circumstances:
verify certain settings to ensure re-authentication works properly with Internet Explorer. Due
to a known issue with Internet Explorer, re-authentication does not work properly under the
following circumstances:
• Internet Explorer is configured to use the Web Security appliance as a proxy.
• The Web Security appliance uses NTLMSSP authentication.
• The Web Security appliance uses cookies for authentication surrogates, but is not
configured for credential encryption.
• The Web Proxy is deployed in explicit forward mode, or it is deployed in transparent
mode and the “Apply same surrogate settings to explicit forward requests” option on the
Network > Authentication page is enabled.
Network > Authentication page is enabled.
Problems occur when authentication is required to access the site, and may occur either
when initially requesting the site or when re-authenticating to try to access the site.
when initially requesting the site or when re-authenticating to try to access the site.
To work around these problems, enable credential encryption on the Network >
Authentication page.
Authentication page.
Using Re-Authentication with PAC Files
When you enable re-authentication and configure client applications to use a PAC file, you
may need to verify certain settings to ensure re-authentication works properly with the PAC
file.
may need to verify certain settings to ensure re-authentication works properly with the PAC
file.
Re-authentication does not work properly under the following circumstances:
• Client browsers are configured to use a PAC file, and the PAC file is designed to bypass the
Web Proxy for internal web servers. Instead of instructing the browser to explicitly send
requests to the Web Proxy, it instructs the browser to directly send the request to the
destination server.
requests to the Web Proxy, it instructs the browser to directly send the request to the
destination server.
• The Web Security appliance uses IP addresses for authentication surrogates or no
surrogates, and credential encryption is not enabled.
• The Web Proxy is deployed in explicit forward mode, or it is deployed in transparent
mode and the “Apply same surrogate settings to explicit forward requests” option on the
Network > Authentication page is enabled.
Network > Authentication page is enabled.
Problems occur because re-authentication requires clients to be redirected to the Web Proxy
for authentication, but the PAC file bypasses all requests to internal web servers, including the
Web Security appliance.
for authentication, but the PAC file bypasses all requests to internal web servers, including the
Web Security appliance.
To work around these problems, edit the PAC file so that the function FindProxyForURL()
returns “PROXY x.x.x.x:80” when the host IP address is x.x.x.x. The port number you specify
in the return should the same port configured for other destinations.
returns “PROXY x.x.x.x:80” when the host IP address is x.x.x.x. The port number you specify
in the return should the same port configured for other destinations.