Web Authentication Layer is configured, users are authenticated, however the group information is missing from X-Authenticated-Groups in ICAP, or cs-auth-group in Access Log.
The way authentication works on the proxy is that group information for an authenticated user is unknown until its needed. The proxy will collect the user's group information when a group based policy needs to be processed.
When no group information is needed for matching a policy, proxy does not have the info to fill in the X-Authenticated-Groups in ICAP, or cs-auth-group in Access Log.
If a policy containing a group the user belongs to is processed then that group information is sent in ICAP or Access Log.
Extract group information for an authenticated user:
1. Create a new Web Access Layer 2. Source = the group the user belongs to 3. Action = none.
[Caveat: ProxySG queries authentication server for getting the group information, it can affect the ProxySG performance. Perform with caution!]
Subscribing will provide email updates when this Article is updated. Login is required.
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
Subscribed to the Article.
Unable to subscribe
Thanks for your additional feedback !!!
Enterprise Support Virtual Agent
Rate Me :
Tell us more:
Welcome! My name is Sami, the Enterprise Support Virtual Agent answering technical support questions.