The following procedure describes how to configure the Edge SWG (formerly ProxySG) appliance to store user credentials and send them upstream upon request. This allows users to enter their credentials once rather than having to continually re-enter them in order to access a server behind the Edge SWG appliance. This type of configuration would be useful in a reverse proxy deployment to prevent users from having to re-authenticate multiple times.
Note: The following procedure will only work with servers that request BASIC authentication. As an alternative you could configure the EdgeSWG to use constrained Kerberos delegation (also known as IWA on Microsoft IIS). For more details please refer to Article 165596.
1. Open VPM.
2. Optional: Create a new Web Authentication Layer.
3. Add a new rule to the Web Authentication Layer, ensuring that the placement of this rule is correct.
4. Adjust the source and destination accordingly.
5. As an action, right-click and select "set."
6. Select "Duplicate Proxy Credentials Upstream."
7. Adjust the options accordingly.
For more details, refer to the SGOS Administration Guide of your corresponding SGOS release.