Client basic authentication

All browsers support the Basic Authentication scheme. With this method, the user is prompted to enter a user name and password when the browser connects to the Web Gateway. The Web Gateway authenticates the user name and password against a specified LDAP User Name List and, if successful, the same combination is reused until the browser closes.

 
  • Before you can configure Basic authentication, an LDAP User Name List must already exist. For information about creating an LDAP User Name List, see Creating an LDAP User Name List.
  • When using Basic authentication, the user’s password is transmitted unencrypted and could potentially be intercepted. NTLM and Kerberos authentication are more secure forms of authentication.

Configure Client Basic authentication

  1. From the System Center Home page, click Proxy Settings > Authentication Settings.
  2. Beside the User Authentication is Disabled/Enabled section, click Click here to change these settings.
  3. Select Client Basic Authentication using LDAP and click Save.

    The Basic Realm Identifier and LDAP User Name List sections will appear once you've saved the authentication type.

  4. Beside the Basic Realm Identifier section, click Click here to change these settings.
  5. Type the name of the Basic Realm identifier to be used and click Save.

    The realm is shown in the authentication dialog in the client's browser, so the user can tell why they are being asked to authenticate. The browser caches it, along with the user name and password, for the duration of the session. The default Basic Realm identifier is 'Clearswift SECURE Web Gateway'.

    Client Basic Authentication using LDAP does not support user names or passwords that contain non-ASCII characters.
  6. Beside the LDAP User Name List section, click Click here to change these settings.
  7. Select the LDAP User Name Lists that contain the users allowed to authenticate, and click Save. You must select at least one user list.
    The Web Gateway synchronizes any LDAP Synchronized User Name Lists automatically every 24 hours.
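
The two notes above (the password is transmitted unencrypted, and non-ASCII user names or passwords are not supported) can be seen in a short Python example. This is an added illustration, not Clearswift code: it builds the Basic credential value as RFC 7617 defines it, shows that decoding it needs no key, and lists the accounts the ASCII-only limitation affects. The user names and password are constructed sample values, and the function names are hypothetical.

```python
import base64

def basic_credential(user, password):
    """Build the 'Basic <token>' value a browser sends after the prompt (RFC 7617)."""
    if ":" in user:
        raise ValueError("user name must not contain ':'")
    try:
        raw = f"{user}:{password}".encode("ascii")
    except UnicodeEncodeError as exc:
        # Mirrors the documented limitation: ASCII-only names and passwords.
        raise ValueError("non-ASCII user name or password") from exc
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic_credential(value):
    """Recover (user, password) from the header value. No key is involved."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token.strip(), validate=True)
    # Only the first ':' separates the fields; a password may contain ':'.
    user, sep, password = raw.decode("ascii").partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password

def non_ascii_names(names):
    """Return the user names affected by the ASCII-only limitation."""
    return [n for n in names if not n.isascii()]

if __name__ == "__main__":
    # Constructed sample values, not taken from any real directory.
    value = basic_credential("alice", "s3cret")
    print(value)                           # what travels with each request
    print(decode_basic_credential(value))  # what anyone on the path can read
    print(non_ascii_names(["alice", "bob.smith", "zoë", "müller"]))
```
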

After you have applied your configuration, you can verify that users are being correctly authenticated.

Test authentication

  1. On the Authentication Settings page, click Test Authentication. The Test Authentication dialog appears.
  2. Enter a valid user name and password combination, and click Run Test.

Enable Apache Access logging

If you want to run diagnostics on your authentication, you can enable Apache Access logging for more information. To do this:

  1. Beside the Apache Access Log is Disabled/Enabled section, click Click here to change these settings.
  2. To enable or disable the generation of Apache Access logs, select or deselect the Enable Apache access logging check box.