The following procedure describes how to configure the ProxySG appliance to store user credentials and send them upstream upon request. This allows users to enter their credentials once rather than having to continually re-enter them in order to access a server behind the ProxySG appliance. This type of configuration would be useful in a reverse proxy deployment to prevent users from having to re-authenticate multiple times.
Note: The following procedure will only work with servers that request BASIC authentication. As an alternative you could configure the ProxySG to use constrained Kerberos delegation (also known as IWA on Microsoft IIS). For more details please refer to KB3919.
- Open VPM.
- Optional: Create a new Web Authentication Layer.
- Add a new rule to the Web Authentication Layer, ensuring that the placement of this rule is correct.
- Adjust the source and destination accordingly.
- As an action, right-click and select "set."
- Select "Send Credentials Upstream."
- Adjust the options accordingly.
For more details, refer to the SGOS Administration Guide, "Chapter 44: Controlling Access to the Internet and Intranet."