How to forward authentication credentials per one or more domains
search cancel

How to forward authentication credentials per one or more domains

book

Article ID: 280349

calendar_today

Updated On:

Products

ISG Proxy ProxySG Software - SGOS

Issue/Introduction

When enabled, the ProxySG appliance forwards Authorization and Proxy-Authorization headers upstream to the OCS. This command can be used in explicit and transparent proxy deployments. The default setting for this command is disable.

#(config)security force-credential-forwardingcommand sets the default for this property.
 
Note
Use this feature with caution. It causes the ProxySG appliance to send all Authorization and Proxy-Authorization headers upstream. For Internet-bound requests, the proxy sends user-credential information to the Internet. Symantec recommends using the authenticate.forward_credentials() so that credentials can be forwarded upstream selectively based on various policy conditions.

Resolution

Here is CPL code you can use if you want to forward authentication credentials explicitly to some web sites

 

<Proxy>
condition=forward_credentials  authenticate.forward_credentials(yes)
define condition forward_credentials
url.domain=<domain name>
end

 

In case you want to limit to specific user groups from Active directory

<Proxy>
condition=__GROUP137 condition=forward_credentials  authenticate.forward_credentials(yes)
define condition forward_credentials
url.domain=<domain name>
end

define condition __GROUP137
    realm=Realm_name group=<Group_name>
end
Powered by Wolken Software