10-24-2016 03:53 AM
Team,
My customer wants to integrate ISE with their coming Bluecoat ASG proxy. The only task they need from ISE is to forward the username and IP address to Bluecoat so that it provides appropriate access based on those two parameters, noting that the same user might be accessing Internet from Internal LAN (using static proxy on Browser).
I thought we could use some sort of RADIUS for the communication, and read some documents on the internet but they were very vague
please advise
Solved! Go to Solution.
10-24-2016 09:03 AM
We have no direct integration with bluecoat. We could perhaps send syslog over to them and if they can glean it that way?
Not sure how the RADIUS would work as the clients authenticate against the network and then to ISE. Bluecoat is not in the equation
Bluecoat could certainly point to ISE for the users to authenticate again but don’t think they want that. Even better is ISE + WSA with PXGRID integration
10-24-2016 09:03 AM
We have no direct integration with bluecoat. We could perhaps send syslog over to them and if they can glean it that way?
Not sure how the RADIUS would work as the clients authenticate against the network and then to ISE. Bluecoat is not in the equation
Bluecoat could certainly point to ISE for the users to authenticate again but don’t think they want that. Even better is ISE + WSA with PXGRID integration
10-24-2016 09:14 AM
You might want to also look into if Bluecoat supports SAML SSO integration? This might work for the employee side of things. For guests you will still have the same issue
11-30-2016 03:12 PM
Hi Jason,
can you please provide some details about SAML SSO integration, actually our wireless users gets authenticated thru Cisco ISE (802.1X), after that we don't want them to enter their credentials again one more time for Bluecoat Proxy, but if they don't get authenticated in Bluecoat then we can't apply any proxy policies. i need your kimd help, please suggest.
thank you very much.
01-12-2017 12:49 PM
sorry i didn't see this. I would recommend reaching out to the ISE Product Marketing team as even with SSO they will still need to hit a portal before authenticating.
https://communities.cisco.com/docs/DOC-64018#jive_content_id_Web_Portal_access_via_SAML_SSO
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide