Machine name VS username with SSO authentication

fermendo
Level 1

Hi all,

I have an S370 configured for SSO. It works fine most of the time, but at some point, machines (Vista or W7) send the machine name instead of the username. The machine name is valid in AD, so it is authenticated, but since the machine name is not in any valid group, users have no access.

So far I have seen that this happens mostly when the request is not sent by a browser, i.e. Windows Update, antivirus update or others. A workaround is to create an identity excluding some user-agents from authentication, but this doesn't seem to solve the problem since there are a lot of exceptions. Another workaround is to lower the surrogate timeout so authentication is asked almost on every request, but this causes performance issues.

Two questions:

-- Is there a known problem or incompatibility between IronPort 7.1.0 and AD on Windows 2008?

-- I'm thinking of changing the surrogate type to cookie instead of IP address. Do you think this will help?

Thanks a lot!!



edadios
Cisco Employee

Hello Fernando,

It may have to do with the Network Connectivity Status Indicator feature.

http://tinyurl.com/4q89otg

I see win2008 also has it.

http://technet.microsoft.com/en-us/library/ee126135%28WS.10%29.aspx

I hope this information helps you.

Regards,

Eric

Hello Eric,

Thanks a lot for your response.

I verified the document you sent, however the workaround provided by Microsoft doesn't work fine; machines send the machine name instead of the user even after changing the Windows registry. Anyway, that is something to solve with Microsoft.

Let me ask another question: when the surrogate type is set to cookie, will every browser tab ask for authentication? Or how does it work?

Thanks and regards,

Fernando

Hello Fernando,

As long as the original browser is open, new tabs and new windows for the same browser should not prompt for auth.

Once you close all instances of the same browser, or open a new browser, you will be prompted for auth.

Regards,

Eric

Thanks a lot for your answer Eric!