How does the ProxySG record the IWA authentication credential type being used?

For IWA realm authentication, it is possible to select from one or more of the Basic, NTLM or Kerberos credential types.

These authentication types used can be written to an Access Log by using the cs-auth-type log field.

This field will have one of the following values, depending on the authentication types selected. 

A sample Access Log would look like the following:
 

#Version: 1.0

#Start-Date: 2010-12-15 13:45:27

#Date: 2010-12-15 12:28:57

#Fields: date time time-taken x-cs-auth-domain cs-auth-type cs-username c-ip

#Remark: 3907061338 "10.91.24.1 - Blue Coat SG200 Series" "10.91.24.1" "MyLog"

2010-12-15 13:30:26 2 - Digest - 10.91.24.5

2010-12-15 13:30:26 389 VDOMAIN Digest administrator 10.91.24.5

2010-12-15 13:47:38 1 - Digest - 10.91.24.10

2010-12-15 13:49:27 279 - BASIC - 10.91.24.5

2010-12-15 13:49:27 279 - BASIC - 10.91.24.5

2010-12-15 13:49:32 171 - BASIC someuser 10.91.24.5

2010-12-15 13:51:08 29 VDOMAIN Digest administrator 10.91.24.5

2010-12-15 13:51:08 129 VDOMAIN Digest administrator 10.91.24.5

2010-12-15 13:51:09 2 - Digest - 10.91.24.5

2010-12-15 13:55:06 6 VDOMAIN Certificate administrator 10.91.24.5

2010-12-15 13:56:45 86 - NTLM%20and%20BASIC - 10.91.24.5

2010-12-15 13:56:45 5 - NTLM%20and%20BASIC - 10.91.24.5

2010-12-15 13:56:45 61 VDOMAIN NTLM%20and%20BASIC administrator 10.91.24.5

2010-12-15 13:56:45 156 VDOMAIN NTLM%20and%20BASIC administrator 10.91.24.5

2010-12-15 14:00:21 6 - NTLM%20BASIC%20only someuser 10.91.24.5

2010-12-15 14:00:23 4 - NTLM%20BASIC%20only - 10.91.24.5

2010-12-15 14:00:27 12 VDOMAIN NTLM%20BASIC%20only iwa 10.91.24.5

CS-AUTH-TYPE will show what Authentication credential types were SENT by the ProxySG to the Client in the authentication request.

If you want to know what the user actually provided in the response, you can also use the access-log field: X-AUTH-CREDENTIAL-TYPE. This access-log field is only available from SGOS 6.5.2 and above.