cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
308
Views
0
Helpful
4
Replies

WSA: How to use encrypted HTTPS connection for authentication

jds5
Level 1
Level 1

Hello,

I'm trying to find out if it's possible to enable the feature "Credential Encryption : Use encrypted HTTPS connection for authenticationon" on the network > Authentification 

This in an environment with the following configurations:

Proxy Explicit

No Surrogate

NTLM/Basic 

Best Regards,

José

 

 

4 Replies 4

balaji.bandi
Hall of Fame
Hall of Fame

are you looking to user to get authentication using AD ? - then  yes you can use AD authentication with WSA for the user authenticate to browse using WSA.

check the video :

https://www.youtube.com/watch?v=5g-jzSTMqkI

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amojarra
Cisco Employee
Cisco Employee

Hello @jds5 

you can enable the "Credential Encryption" in the WSA, but since you are using Explicit Deployment, there will be no URL redirection for the authentication (HTTP/401 & 307).

amojarra_0-1730966775276.png

 

In explicit deployment the Proxy server directly requesting the user credentials that will be sent to it via HTTP Connect.

The above option is designed for the transparent deployment, when WSA is redirecting clients to its URL "Redirect Hostname" for authentication, this can be both HTTP or HTTPS. 

the reason that it is not always the HTTPS, is due to some limitations, such as:

Transparent Deployment + Cookie Surrogates + Credential Encryption => WSA can not read the Cookie before decrypting the traffic, so the default ID profile will be hit.

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++

 

 

jds5
Level 1
Level 1

Hello Amirhossein,

Do you have any documentation that explains this feature in detail and these different implementation scenarios, please?

BR,

José

 

 

amojarra
Cisco Employee
Cisco Employee

Hello @jds5 

 

regarding: ... different implementation scenarios.

if you are referring to transparent and explicit deployment,
I can share: 

https://www.cisco.com/c/en/us/support/docs/security/web-security-appliance/117940-qa-wsa-00.html

the rest of the information are available in the user-guide. 

 

Please do not hesitate to let me know if there are any questions or concerns, 

 

 

Regards,

Amirhossein Mojarrad

+++++++++++++++++++++++++++++++++++++++++++++++++++

++++     If you find this answer helpful, please rate it as such    ++++

+++++++++++++++++++++++++++++++++++++++++++++++++++