cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1400
Views
0
Helpful
4
Replies

Machine name VS username with SSO authentication

fermendo
Level 1
Level 1

Hi all,

I have an S370 configured for SSO. It works fine most of the times, but at some point, machines (Vista or W7) send the machine name instead of the username. The machine name is valid in AD, so it is authenticated, but since the machine name is not in any valid group, users have no access.

So far I have seen that this happens mostly when the request is not sent by a browser, ie windows update, antivirus update or others. A workaround is to create an identity excluding some user-agents from authentication, but this doesn't seem to solve the problem since there are a lot of exceptions. Another workaround is to lower the surrogate timeout so authentication is asked almost on every request, but this causes performance issues.

Two questions:

-- Is there a known problem or incompatibility between IronPort 7.1.0 and AD on Windows 2008?

-- I'm thinking on changing the surrogate type to cookie instead of IP address. Do you think this will help?

Thanks a lot!!