User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S170

371

372

373

374

375

376

377

378

379

380

358

IRONPORT ASYNCOS 6.3 FOR WEB USER GUIDE

Credential Cache Options:

Surrogate Type

This setting specifies the way that transactions are associated

with a user (either by IP address or using a cookie) after the

user has authenticated successfully.

Choose one of the following options:

• IP Address. The appliance authenticates the user at a

particular IP address. You can achieve single sign-on

behavior when you choose IP-based authentication.

• Persistent Cookie. The appliance authenticates a user on

a particular application by generating a persistent cookie

for each user per application. The cookie is not removed

when the application is closed.

• Session Cookie. The appliance authenticates a user on a

particular application by generating a session cookie for

each user per domain per application. (However, when a

user provides different credentials for the same domain

from the same application, the cookie is overwritten.) The

cookie is removed when the application is closed.

You might want to use IP-based authentication when there is

only one user on a client machine and you want users to be

able to achieve single sign-on behavior.

You might want to choose cookie-based authentication

when there are multiple users on one machine, such as a

Citrix server.

For more information about which authentication surrogates

are supported with other configurations and different types

of requests, see “Tracking Authenticated Users” on

page 369.

Credential Cache Options:

Surrogate Timeout

This setting specifies how long the Web Proxy waits before

asking the client for authentication credentials again. Until

the Web Proxy asks for credentials again, it uses the value

stored in the surrogate (IP address or cookie).

It is common for user agents, such as browsers, to cache the

authentication credentials so the user will not be prompted

to enter credentials each time.

Credential Cache Options:

Cache Size

Specifies the number of entries that are stored in the

authentication cache. Set this value to safely accommodate

the number of users that are actually using this device. The

default value is the recommended setting.

Explicit Forward Requests This setting specifies whether the surrogate used for

transparent requests should also be used for explicit

requests.

Table 16-9 Transparent Proxy Mode Authentication Settings (Continued)

Setting Description