Open with table of contents

Client Basic Authentication using LDAP

All browsers support the Basic Authentication scheme. With this method, on connecting the browser to the Clearswift Gateway, the user is prompted to enter a user name and password. The Gateway authenticates the user name and password against a specified LDAP User Name List and, if successful, the same combination is reused until the browser closes.

 
  • Before you can configure Basic authentication, an LDAP User Name List must already exist. For information about creating an LDAP User Name List, see Creating an LDAP User Name List.
  • Client Basic Authentication using LDAP does not support user names or passwords that contain non-ASCII characters.
  • When using Basic authentication, the user’s password is transmitted unencrypted and could potentially be intercepted. NTLM and Kerberos authentication are more secure forms of authentication.

To configure Client Basic authentication:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Move the mouse pointer over the User Authentication is Disabled/Enabled section, and click Click here to change these settings.
  4. Select Client Basic Authentication using LDAP, and click Save.
  5. Move the mouse pointer over the Basic Realm Identifier section, and click Click here to change these settings.
  6. Type the name of the Basic Realm identifier to be used, and click Save. The realm appears in the authentication dialog that appears in the client's browser, enabling the user to determine why they are being asked to authenticate. It is cached by the browser, along with the user name and password for the duration of the session. The default Basic Realm identifier is 'CLEARSWIFT SECURE Web Gateway'.
  7. Move the mouse pointer over the LDAP User Name List section, and click Click here to change these settings.
  8. Select the LDAP User Name Lists that contains the users that are to be allowed to authenticate, and click Save. You must select at least one user list.
  9. Move the mouse pointer over the Apache Access Log section, and click Click here to change these settings. To enable or disable the generation of Apache Access logs, select or deselect the Enable Apache access logging check box.

After you have applied your configuration, you can verify that users are being correctly authenticated.

To test authentication:

  1. From the System Center Home page, click Proxy Settings. The Proxy Settings page appears.
  2. Click Authentication Settings to display the Authentication Settings page.
  3. Click Test Authentication. The Test Authentication dialog appears.
  4. Enter a valid user name and password combination, and click Run Test.

 

© 1995–2018 Clearswift Ltd.