Client basic authentication

All browsers support the Basic Authentication scheme. With this method, when the browser connects to Secure Web Gateway, the user is prompted to enter a user name and password. The Gateway authenticates the user name and password against a specified LDAP User Name List and, if authentication succeeds, the browser reuses the same combination until it is closed.

 
  • Before you can configure Basic authentication, an LDAP User Name List must already exist. For information about creating an LDAP User Name List, see Creating an LDAP User Name List.
  • When using Basic authentication, the user’s password is transmitted unencrypted and could be intercepted. NTLM and Kerberos authentication are more secure forms of authentication.

Configure Client Basic authentication

  1. Navigate to System > Proxy Settings > Authentication Settings. The Authentication Settings page is displayed.
  2. Move the mouse pointer over the User Authentication is Enabled or the User Authentication is Disabled panel, and click Click here to change these settings.
  3. Select Client Basic Authentication using LDAP and click Save.

    When you have selected this authentication type, the Basic Realm Identifier and LDAP User Name List panels will be displayed in the Authentication Settings page.

  4. In the Basic Realm Identifier panel, click Click here to change these settings.
  5. Type the name of the Basic Realm identifier to be used and click Save.

    The realm is shown in the authentication dialog displayed by the client's browser, so the user can tell why they are being asked to authenticate. The browser caches it, along with the user name and password, for the duration of the session. The default Basic Realm identifier is 'Clearswift Secure Web Gateway'.

    Client Basic Authentication using LDAP does not support user names or passwords that contain non-ASCII characters.
  6. In the LDAP User Name List panel, click Click here to change these settings.
  7. Select the LDAP User Name Lists that contain the users allowed to authenticate, and click Save. You must select at least one user list.
    Secure Web Gateway synchronizes any LDAP Synchronized User Name Lists automatically every 24 hours.
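
The following added example (not Clearswift code) shows why the note above calls Basic credentials unencrypted, and how to pre-check accounts against the non-ASCII restriction before rollout. It assumes the standard RFC 7617 encoding; all function names are hypothetical and the sample accounts are constructed.

```python
import base64

# Default realm stated on this page; everything else here is illustrative.
DEFAULT_REALM = "Clearswift Secure Web Gateway"


def basic_challenge(realm=DEFAULT_REALM):
    """Value of the challenge header that makes the browser show the realm."""
    return 'Basic realm="{}"'.format(realm)


def unsupported_reason(user, password=""):
    """Return why a credential pair cannot be used, or None if it is usable."""
    if not user.isascii() or not password.isascii():
        return "non-ASCII characters are not supported (per this page)"
    if ":" in user:
        return "':' in a user name is ambiguous in Basic credentials (RFC 7617)"
    return None


def encode_basic(user, password):
    """Build the credentials value the browser sends with its requests."""
    reason = unsupported_reason(user, password)
    if reason:
        raise ValueError(reason)
    token = base64.b64encode("{}:{}".format(user, password).encode("ascii"))
    return "Basic " + token.decode("ascii")


def decode_basic(header_value):
    """Recover user and password from a header value: no key is required."""
    scheme, _, token = header_value.partition(" ")
    if scheme.lower() != "basic":
        raise ValueError("not a Basic credential")
    raw = base64.b64decode(token.strip(), validate=True).decode("ascii")
    user, sep, password = raw.partition(":")
    if not sep:
        raise ValueError("missing ':' separator")
    return user, password


if __name__ == "__main__":
    header = encode_basic("alice", "s3cret:pw")  # constructed sample account
    print(basic_challenge())
    print(header, "->", decode_basic(header))
    for name in ["alice", "josé", "bob:ops"]:    # constructed sample names
        print(name, "->", unsupported_reason(name) or "ok")
```

Because the value is only Base64-encoded, anything that can read the request can read the password, which is why the page recommends NTLM or Kerberos where available.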

After you have applied your configuration, you can verify that users are being correctly authenticated.

Test authentication

  1. On the Authentication Settings page, click Test Authentication in the task panel. The Test Authentication dialog is displayed.
  2. Enter a User Name and Password combination, then click Run Test.

Enable Apache Access Log

If you want to run diagnostics on your authentication, you can enable Apache Access logging for more information.

  1. In the Apache Access Log is Enabled or the Apache Access Log is Disabled panel, click Click here to change these settings.
  2. To enable or disable the generation of the logs, select or clear the Enable Apache access logging check box.