Whenever changes are made to any of these settings, click Apply to save your changes and then restart the proxy to put the changes into effect.
Fail Open specifies whether requests are allowed to proceed for processing when user authentication fails.
Cache using IP address only – specifies that all credentials are cached with IP address surrogates. This is the recommended method when all clients have unique IP addresses.
Cache using Cookies only – specifies that all credentials are cached with cookie surrogates. This is recommended when all clients share IP addresses, as with multi-host servers such as Citrix servers, or when traffic is NATed by a device that is forwarding traffic to Content Gateway.
Cache using both IP addresses and Cookies – specifies to use cookie surrogates for the IP addresses listed in the cookie caching list, and to use IP address surrogates for all other IP addresses. This is recommended when the network has a mix of clients, some with unique IP addresses and some using multi-user hosts or that are subject to NATing.
Cache Time-To-Live (TTL) specifies the duration, in minutes, that an entry in the cache is retained. When the TTL expires, the entry is removed and the next time that that user submits a request, the user is authenticated. If the authentication succeeds, an entry is placed in the cache.
When enabled, Purge LDAP cache on authentication failure causes the proxy to delete the authorization record for the client from the LDAP cache when an LDAP user authentication failure occurs.
Redirect Hostname specifies an alternate hostname for the proxy.