search cancel

Performing authentication in a transparent deployment before implementing SSL Interception.


Article ID: 171681


Updated On:


Advanced Secure Gateway Software - ASG ProxySG Software - SGOS


The following article provides a way to implement IWA authentication in a transparent deployment for cases in which SSL Interception has not been implemented yet.

This implementation is limited because without doing SSL Interception, the proxy can only authenticate HTTP requests. The proxy can remember the authenticated client for 15 minutes by default (using surrogates) and the client will need to access another HTTP site in order to be re-authenticated after that time has passed. For more on surrogates, refer to the following article:



In order to implement this authentication, two rules must be created: One that disables authentication for "ssl://" (HTTPS) requests and allow the rest.

The rules look as follows:


Rule 1 - Destination trigger: Request URL regex: "ssl://.*" - Action:  Do not authenticate

Rule 2 - Destination trigger: Any - Action: Authenticate, Authentication Mode: Origin-IP-Redirect or Origin-Cookie-Redirect (depending on each particular environment)