The client IP address is used as a surrogate credential.
Origin-IP: The ProxySG acts like an OCS and issues OCS challenges. The authenticated connection serves as the surrogate credential. Origin: The ProxySG acts like an OCS and issues OCS challenges. In some situations proxy challenges do not work origin challenges are then issued. Proxy-IP specifies an insecure forward proxy, possibly suitable for LANs of single-user workstations. Proxy-IP: The ProxySG uses an explicit proxy challenge and the client's IP address as a surrogate credential. This dramatically reduces the load on the back-end authentication authority and improves the all-around performance of the network. If you have many requests consulting the back-end authentication authority (such as LDAP, RADIUS, or the BCAAA service), you can configure the ProxySG (and possibly the client) to use persistent connections. This is the typical mode for an authenticating explicit proxy. Proxy: The ProxySG uses an explicit proxy challenge. Auto can choose any of proxy, origin, origin-ip, or origin-cookie-redirect, depending on the kind of connection (explicit or transparent) and the transparent authentication cookie configuration. Auto: The default (should be used only in POC) the mode is automatically selected, based on the request. Please check the documentation for any updates on authentication modes. The following information was taken from the SGOS 6.5 Administration Guide. Navigate to Policy > Add Web Access Layer.Īuthentication modes are explained in detail in the following guides:. Select the Web Authentication Layer object you just created. (Optional) Change the name of the rule. Navigate to Policy > Add Web Authentication Layer. In the Management Console, launch the VPM. To specify a particular mode for a transaction, set the authenticate.mode() property through the command line interface (CLI) or the Visual Policy Manager (VPM) in the Management Console.Īuthenticate.mode(origin) authenticate(ldaprealm) This article describes how to use authenticate.mode(), and provides guidance on when to use each mode. 
SGOS provides policy control over the operation of the authentication subsystem through the content policy language (CPL) property authenticate.mode().
0 kommentar(er)
