11-06-2024 08:22 AM
Hello,
I'm trying to find out if it's possible to enable the feature "Credential Encryption : Use encrypted HTTPS connection for authenticationon" on the network > Authentification
This in an environment with the following configurations:
Proxy Explicit
No Surrogate
NTLM/Basic
Best Regards,
José
11-06-2024 12:01 PM
are you looking to user to get authentication using AD ? - then yes you can use AD authentication with WSA for the user authenticate to browse using WSA.
check the video :
11-07-2024 12:07 AM
Hello @jds5
you can enable the "Credential Encryption" in the WSA, but since you are using Explicit Deployment, there will be no URL redirection for the authentication (HTTP/401 & 307).
In explicit deployment the Proxy server directly requesting the user credentials that will be sent to it via HTTP Connect.
The above option is designed for the transparent deployment, when WSA is redirecting clients to its URL "Redirect Hostname" for authentication, this can be both HTTP or HTTPS.
the reason that it is not always the HTTPS, is due to some limitations, such as:
Transparent Deployment + Cookie Surrogates + Credential Encryption => WSA can not read the Cookie before decrypting the traffic, so the default ID profile will be hit.
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
11-08-2024 01:12 AM
Hello Amirhossein,
Do you have any documentation that explains this feature in detail and these different implementation scenarios, please?
BR,
José
11-08-2024 07:17 AM
Hello @jds5
regarding: ... different implementation scenarios.
if you are referring to transparent and explicit deployment,
I can share:
https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html
the rest of the information are available in the user-guide.
Please do not hesitate to let me know if there are any questions or concerns,
Regards,
Amirhossein Mojarrad
+++++++++++++++++++++++++++++++++++++++++++++++++++
++++ If you find this answer helpful, please rate it as such ++++
+++++++++++++++++++++++++++++++++++++++++++++++++++
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide