Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 1 subscriber
  • Views 1101 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Is proxy with AD SSO "Transparent" ?

Simon Shaw
I should know this, but not sure [:)]  The help doesn't tell you.

When the HTTP proxy is in "Active Directory SSO" mode, does it act in a transparent fashion? (ie Like Transparent mode, intercepting port 80, but uses AD Auth before allowing the connection).

Or do I have to point users to the proxy, (ie 192.168.0.1:8080 in browser config) ?

Hard for us to tell without annoying users by fiddling with HTTP rules, so just a straight answer would be enormously helpful.


This thread was automatically locked due to age.
Parents
  • 0
    I should know this, but not sure [:)]  The help doesn't tell you.

    When the HTTP proxy is in "Active Directory SSO" mode, does it act in a transparent fashion? (ie Like Transparent mode, intercepting port 80, but uses AD Auth before allowing the connection).

    Or do I have to point users to the proxy, (ie 192.168.0.1:8080 in browser config) ?

    Hard for us to tell without annoying users by fiddling with HTTP rules, so just a straight answer would be enormously helpful.


    If you have AD SSO enabled (or any other User Authentication Mode), it isn't transparent, as Transparent Mode with User Authentication isn't possible. So you have to point your client browser to the ASG.

    Hope this helps,

    Sven.
Reply
  • 0
    I should know this, but not sure [:)]  The help doesn't tell you.

    When the HTTP proxy is in "Active Directory SSO" mode, does it act in a transparent fashion? (ie Like Transparent mode, intercepting port 80, but uses AD Auth before allowing the connection).

    Or do I have to point users to the proxy, (ie 192.168.0.1:8080 in browser config) ?

    Hard for us to tell without annoying users by fiddling with HTTP rules, so just a straight answer would be enormously helpful.


    If you have AD SSO enabled (or any other User Authentication Mode), it isn't transparent, as Transparent Mode with User Authentication isn't possible. So you have to point your client browser to the ASG.

    Hope this helps,

    Sven.
Children
  • 0 in reply to svens
    Ok, thought so.  Thanks Svens.
  • 0 in reply to Simon Shaw
    Yeah... without the browser settings being set, the browser doesn't even know it should send credential info.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

  • 0 in reply to BrucekConvergent
    This comes back to the discussion I started last month on designing a scheme for using SSO and HTTP Profiles.  I would appreciate corrections and observations on the following idea.
    The basic "default" profile should be set in the transparent mode and should be the most restrictive.  Profiles allowing more access should be in SSO authentication mode.  Supply the end users with a cheat-sheet showing them how to change their browser to get more access if they want.

    Thanks in advance for your thoughts.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • 0 in reply to BAlfson
    Hi  all

    changing the proxy configuration can be done using the "group policy" in the AD 
    without the user interference