For authentication purposes, how to distinguish requests made transparently or explicitly

Article ID: 165755


Products

ProxySG Software - SGOS

Issue/Introduction

The proxy can serve requests from users who access it transparently and from users who access it explicitly (see 000013830). If users must be authenticated when connecting to the proxy, the policy has to identify whether each request arrived transparently or explicitly in order to select the correct authentication mode (see 000015933).

Resolution

In Visual Policy Manager, create a Web Authentication Layer. In this layer, create two rules.

Rule #1 is for explicit user access. Set the Source to the TCP port used for accessing the proxy (by default, this is port 8080).

The Action is to authenticate users using a non-redirect authentication mode.

Rule #2 is for all other, i.e. transparent, requests.

 

If you wish to implement this solution in CPL, use or modify the following sample code.

<Proxy>
    proxy.port=8080 authenticate(IWA_Auth)  authenticate.force(no) authenticate.mode(proxy-ip)    ; Rule 1
    authenticate(IWA_Auth)  authenticate.force(no) authenticate.mode(origin-ip-redirect)          ; Rule 2
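
To confirm that the two rules select the intended mode, compare the first unauthenticated response on each access path with the challenge style that mode should produce. The Python below is an added example, not code from this article or from the product; it assumes that proxy-ip answers with a 407 proxy challenge and that origin-ip-redirect answers with a redirect when the client has no surrogate credential yet, and the response heads and host name in it are constructed.

```python
from email.parser import Parser

EXPLICIT_PORT = 8080  # port used in Rule 1 of the sample CPL
# Challenge style assumed for each authenticate.mode() value in the sample CPL.
EXPECTED = {"proxy-ip": "proxy-challenge", "origin-ip-redirect": "redirect"}

def classify(raw_head):
    """Return the challenge style shown by a raw HTTP response head."""
    status_line, _, header_text = raw_head.partition("\r\n")
    parts = status_line.split(None, 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("not an HTTP status line: %r" % status_line)
    status = int(parts[1])
    headers = Parser().parsestr(header_text, headersonly=True)
    if status == 407 and headers.get("Proxy-Authenticate"):
        return "proxy-challenge"   # only an explicit-proxy client can answer this
    if status in (301, 302, 303, 307, 308) and headers.get("Location"):
        return "redirect"          # client is sent elsewhere to authenticate
    if status == 401 and headers.get("WWW-Authenticate"):
        return "origin-challenge"
    return "no-challenge"

def check(arrival_port, raw_head):
    """Return (mode the policy should pick, style seen, whether they agree)."""
    mode = "proxy-ip" if arrival_port == EXPLICIT_PORT else "origin-ip-redirect"
    seen = classify(raw_head)
    return mode, seen, seen == EXPECTED[mode]

# Constructed sample response heads (not captured from a real appliance).
EXPLICIT_407 = ("HTTP/1.1 407 Proxy Authentication Required\r\n"
                "Proxy-Authenticate: Negotiate\r\n"
                "Proxy-Authenticate: NTLM\r\n\r\n")
TRANSPARENT_302 = ("HTTP/1.1 302 Found\r\n"
                   "Location: http://proxy-auth.example.test/\r\n\r\n")
# A 407 on an intercepted connection suggests Rule 1 matched traffic it should not.
TRANSPARENT_407 = ("HTTP/1.1 407 Proxy Authentication Required\r\n"
                   "Proxy-Authenticate: NTLM\r\n\r\n")

if __name__ == "__main__":
    for port, head in ((8080, EXPLICIT_407), (80, TRANSPARENT_302),
                       (80, TRANSPARENT_407)):
        print(port, check(port, head))
```

A mismatch on the transparent path, such as the third sample, usually means the port condition in Rule 1 or the rule order needs review.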