Manualshelf

User Guide

ManualsBrandsCisco Manualsantivirus security softwareCisco Web Security Appliance S170
391392393394395396397398399400
TRACKING AUTHENTICATED USERS
CHAPTER 16: AUTHENTICATION 369
TRACKING AUTHENTICATED USERS
Table 16-11 describes which authentication surrogates are supported with other
configurations and different types of requests (explicitly forwarded and transparently
redirected).
* Works after the client makes a request to an HTTP site and is authenticated. All requests to
HTTPS sites before this happens are dropped citing authentication failure.
** When cookie-based authentication is used, the Web Proxy cannot authenticate the user for
HTTPS and FTP over HTTP transactions. Due to this limitation, all HTTPS and FTP over HTTP
requests bypass authentication, so authentication is not requested at all. For more information
on how HTTPS requests are assigned Identity and non-Identity policy groups, see “How
Authentication Affects HTTPS and FTP over HTTP Requests” on page 129.
*** No surrogate is used in this case even though cookie-based surrogate is configured.
Table 16-11 Supported Authentication Surrogates
Surrogate
Types
Explicit Requests Transparent Requests
Credential
Encryption:
Disabled Enabled Disabled Enabled
Protocol: HTTP HTTPS &
FTP over
HTTP
HTTP HTTPS &
FTP over
HTTP
HTTP HTTPS HTTP HTTPS
No Surrogate Yes Yes NA NA NA NA NA NA
IP-based Yes Yes Yes Yes Yes No/Yes* Yes No/Yes*
Cookie-based Yes Yes*** Yes No/Yes** Yes No/
Yes**
Yes No /
Yes **