Open with table of contents
Client Basic Authentication using LDAP
All browsers support the Basic Authentication
scheme. With this method, on connecting the browser to the Clearswift Gateway, the user is prompted to enter a user name and password. The
Gateway authenticates the user name and password against a specified
LDAP User Name List and, if successful, the same combination is reused
until the browser closes.
|
- Before you can configure
Basic authentication, an LDAP User Name List must already exist. For information
about creating an LDAP User Name List, see Creating
an LDAP User Name List.
- Client Basic Authentication
using LDAP does not support user names or passwords that contain non-ASCII
characters.
- When using Basic authentication,
the user’s password is transmitted unencrypted and could potentially be
intercepted. NTLM and Kerberos authentication are more secure forms of
authentication.
|
To configure Client Basic authentication:
- From the System Center
Home page, click Proxy Settings.
The Proxy Settings page appears.
- Click Authentication Settings
to display the Authentication Settings page.
- Move the mouse pointer
over the User Authentication is Disabled/Enabled section, and click .
- Select Client
Basic Authentication using LDAP, and click Save.
- Move the mouse pointer
over the Basic Realm Identifier section, and click .
- Type the name of the Basic
Realm identifier to be used, and click Save. The realm appears in the authentication dialog that appears
in the client's browser, enabling the user to determine why they are being
asked to authenticate. It is cached by the browser, along with the user
name and password for the duration of the session. The default Basic Realm
identifier is 'CLEARSWIFT SECURE Web Gateway'.
- Move the mouse pointer
over the LDAP User Name List section, and click .
- Select the LDAP User Name Lists that contains the users that are to be allowed to authenticate,
and click Save. You must
select at least one user list.
- Move the mouse pointer
over the Apache Access Log section, and click . To enable or disable the generation of Apache Access logs, select or deselect the Enable Apache access logging check box.
After you have applied your configuration,
you can verify that users are being correctly authenticated.
To test authentication:
- From the System Center
Home page, click Proxy Settings.
The Proxy Settings page appears.
- Click Authentication Settings
to display the Authentication Settings page.
- Click Test Authentication.
The Test Authentication dialog appears.
- Enter a valid user name
and password combination, and click Run
Test.