Support

Go to the table of contents Go to the previous page Go to the next page Go to the index View or print as PDF
Security > Proxy user authentication > Transparent proxy authentication settings
Transparent proxy authentication settings
Help | Content Gateway | Version 7.7.3
When Content Gateway is a transparent proxy that also performs user authentication, several special authentication-related configuration options should be set. In Content Gateway Manager, go to the Configuration > Security > Access Control > Transparent Proxy Authentication tab.
*
Redirect Hostname (optional) — specifies an alternate hostname for the proxy. Redirect Hostname is not used by Integrated Windows Authentication (IWA).
By default, authenticating clients are redirected to the hostname of the Content Gateway machine. If clients are unable to resolve that hostname through DNS, or if an alternate DNS name for the proxy is defined, that hostname can be specified in the Redirect Hostname field.
 
* 
Note 
To ensure that user authentication for transparent proxy occurs transparently (i.e., without prompting the user for credentials), the browser must be configured so that the Redirect Hostname is in its Intranet Zone. Typically, this is achieved by ensuring that the Redirect Hostname is in the same domain as the computer on which the browser is running. For example, if the client is workstation.example.com and the Redirect Hostname is proxyhostname.example.com, the browser allows authentication to occur transparently. Consult your browser documentation.
*
Authentication Mode — specifies the transparent authentication mode. Content Gateway must be set to one of the following modes:
*
IP mode: In IP mode (the default), the client IP address is associated with a username when the session is authenticated. Requests made from that IP address are not authenticated again until the Session TTL expires (Session Time-To-Live; default = 15 minutes). Requests made from that IP address within the time-to-live are considered to be made by the user associated with that IP address.
*
Cookie Mode: Cookie mode is used to uniquely identify users who share a single IP address, such as in terminal server environments, in proxy chaining environments, or where network address translation (NAT) occurs.
When Multiple Realm Authentication is used, cookie-based credential caching can be specified in each realm rule. If it is not specified, this setting applies.
*
Session TTL — Once the user's session is authenticated, the user credentials are cached for the time specified in Session TTL (Time-To-Live; default = 15 minutes). Supported values are 5-65535 minutes.
Whenever changes are made to any of these fields, click Apply to save your changes and then restart the proxy to put the changes into effect.
 
* 
Note 
Content Gateway supports transparent authentication in proxy clusters using WCCP load balancing. However, the assignment method distribution attribute must be the source IP address. For more information see WCCP load distribution.
Print print article Email email article Font Size: A A

Search

Article Rating:

Do you have any additional feedback?    Email: close

Related Articles

Quick Links

Service Requests

How are we doing?

Provide us feedback on your experience with the Service Request portal.

provide feedback >

Go to the table of contents Go to the previous page Go to the next page Go to the index View or print as PDF
Security > Proxy user authentication > Transparent proxy authentication settings