Content Gateway Help
Websense Content Gateway v7.6

Security > Proxy user authentication

Content Gateway supports several methods of authenticating users before they are allowed access to content. These methods can be used together with Websense Web Security user identification agents to provide failover should proxy user authentication become unavailable. For an overview of user authentication options and best practices, go to the Websense Technical Library and search for Web Security Gateway authentication and identification.
An authentication method (Integrated Windows Authentication, NTLM, or LDAP) is specified for each realm (defined below). Using this feature, multiple methods can be used to authenticate users in multiple realms.
* A domain is a Windows Active Directory domain.
* A realm is a Windows Active Directory domain that does not have an outbound trust relationship with other domains. It therefore requires that its members be authenticated by a domain controller within the domain.
The authentication mode is selected in Content Gateway Manager in the Authentication section of the Configure > My Proxy > Basic page. Configuring authentication for multiple realm environments begins with selecting the Multiple Realm Authentication option.
If you have one Active Directory domain, or if all of your Active Directory domains share inbound and outbound trust relationships, the best option is to use Integrated Windows Authentication.
If you have multiple realms and authentication is a requirement, you must use the multiple realm option. For details, including a discussion of policy application limits, see Multiple realm authentication.
If user identification is sufficient, you can use one of the Web Security user identification options. See the section titled User Identification in TRITON -- Web Security Help.
Content Gateway supports both transparent (Single Sign-On) and interactive (prompted) authentication. Transparent authentication is supported with Integrated Windows Authentication and Legacy NTLM. Some browsers provide only limited support. See Browser limitations.
On Windows networks, Single Sign-On allows users to sign on only once so that they can transparently access all authorized network resources. Therefore, if a user has already logged on to the Windows network successfully, the credentials specified during Windows logon are used for proxy authentication and the user is not prompted again for a username and password.
Interactive authentication is supported in networks that are not configured for Single Sign-On and for use with browsers that don't support Single Sign-On. With interactive authentication, users are prompted for credentials before they can access content through Content Gateway.
For Integrated Windows Authentication and Legacy NTLM, Content Gateway supports the specification of backup domain controllers for failover. If the primary domain controller does not respond to proxy requests, Content Gateway contacts the next domain controller in the list (the backup domain controller). For the next request, the proxy tries to contact the primary domain controller again and then contacts the backup domain controller if the connection fails.

