
CSS Client Authentication Failure forwarding

alfiesummers
Level 1

Hi All, I have a requirement to forward the reason for a client authentication session failure to a backend server. Has anyone done this or does anyone know how to achieve this?

I suspect I may need to redirect the failure to a URL. Would this include the reason for the failure? Or would I need to use http-header insertion? Does "http-header client-cert" include this information? It is not clear from the information I have seen or read.

Thanks in advance for your help.

Alfie

1 Reply

Gilles Dufour
Cisco Employee

The only way you could get information about the failure is if there is a log generated by the CSS. The syslog message could then be sent to a syslog server.

The client that generated the failure can be redirected to a URL.

This is done with the following commands:

    CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 failure-url ?
      URL to redirect clients to (Len: 0-168)

    CSS11503-2(config-ssl-proxy-list[gdufour])# ssl-server 1 failure ?
      ignore      Use failure type of ignore
      redirect    Use failure type of redirect
      reject      Use failure type of reject

But no reason will be provided. The backend-server can only generate a generic error message.

Gilles.
