Blue Coat OPT-1000-2499-3YR User Manual Page 57

5.4.7. Using client certificates
As mentioned above, OPTENET can obtain authentication credentials from client certificate data. To do so, this option has to be enabled.
Once it is enabled, OPTENET's own authentication server becomes a secure server that must be accessed over HTTPS rather than HTTP. From that moment on, data transmission between OPTENET and the user is protected by SSL/TLS.
SSL/TLS allows a server to request a certificate from the client during the handshake. OPTENET uses this to request a digital certificate from the user containing their credentials. Once it has been received, OPTENET can validate the user's identity from the information in the certificate, without the user having to enter a username and password. Note that the handshake itself only proves that the client holds the private key belonging to the certificate it presented; whether that certificate belongs to a known user is established by the LDAP comparison described in the next section.
5.4.8. LDAP field to verify the client certificate
To check that the digital certificate presented by a user matches the data held for that user in the LDAP directory, OPTENET has to query the LDAP directory.
To do so, OPTENET computes the client certificate's digital fingerprint and compares it with the value of the LDAP field configured in this section. If the lookup fails, either because the configured field does not exist or because no user is associated with that fingerprint, OPTENET falls back to offering the user the chance to authenticate by entering a username and password.
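The fingerprint comparison and the password fallback described in 5.4.7 and 5.4.8, as an added example that is not OPTENET's own code. It computes a fingerprint over the certificate's DER bytes, builds an RFC 4515 search filter with the fingerprint escaped so that certificate-derived data cannot change the filter's structure, and falls back to password authentication when the configured field is missing or no single user matches. The attribute name `certFingerprint`, the `uid` attribute, the in-memory directory and the certificate bytes are all constructed for the example; the manual does not name the attribute or the hash algorithm, and treating more than one matching entry as "no match" is this example's choice.

```python
import hashlib
import re
from typing import Dict, List, Optional, Tuple

# Constructed stand-in for the DER bytes of a client certificate. In a real
# deployment these are the raw certificate bytes taken from the TLS handshake.
CLIENT_CERT_DER = b"\x30\x82\x01\x0a" + b"constructed-certificate-body-for-demo" * 4


def cert_fingerprint(der: bytes, algorithm: str = "sha256") -> str:
    """Fingerprint of a DER-encoded certificate: a hash over the whole DER blob,
    rendered as colon-separated upper-case hex (the form openssl prints)."""
    digest = hashlib.new(algorithm, der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def ldap_filter_escape(value: str) -> str:
    """Escape a value for use inside an RFC 4515 search filter. Only these
    five characters are special in a filter value."""
    return "".join(
        "\\%02x" % ord(ch) if ch in ("\\", "*", "(", ")", "\x00") else ch
        for ch in value
    )


def ldap_filter_unescape(value: str) -> str:
    """Inverse of ldap_filter_escape, used by the toy directory below."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), value)


def build_filter(field: str, fingerprint: str) -> str:
    """Equality filter matching the configured LDAP field against the fingerprint."""
    return "(%s=%s)" % (field, ldap_filter_escape(fingerprint))


def _normalize_fingerprint(value: str) -> str:
    # Directories may store fingerprints with or without colons and in either
    # case; compare on the bare hex digits.
    return value.replace(":", "").upper()


# Constructed in-memory stand-in for the LDAP directory: one dict per entry.
# "certFingerprint" is an assumed attribute name, not one from the manual.
DIRECTORY: List[Dict[str, str]] = [
    {"uid": "alice", "certFingerprint": cert_fingerprint(CLIENT_CERT_DER)},
    {"uid": "bob", "certFingerprint": cert_fingerprint(b"constructed cert of another user")},
]


def ldap_search(directory: List[Dict[str, str]], search_filter: str) -> List[Dict[str, str]]:
    """Minimal evaluator for the single equality filter built above. A real LDAP
    server parses the filter itself; this only models the lookup outcome."""
    field, _, value = search_filter[1:-1].partition("=")
    wanted = _normalize_fingerprint(ldap_filter_unescape(value))
    return [e for e in directory
            if field in e and _normalize_fingerprint(e[field]) == wanted]


def authenticate(der: bytes, ldap_field: str,
                 directory: List[Dict[str, str]]) -> Tuple[str, Optional[str]]:
    """Return ("certificate", uid) when exactly one directory entry holds this
    certificate's fingerprint; otherwise ("password", None), meaning the user
    must be offered the username/password form instead."""
    matches = ldap_search(directory, build_filter(ldap_field, cert_fingerprint(der)))
    if len(matches) != 1:
        # Covers: configured field absent from every entry, no user with this
        # fingerprint, and (this example's choice) an ambiguous duplicate.
        return ("password", None)
    return ("certificate", matches[0]["uid"])


if __name__ == "__main__":
    print(build_filter("certFingerprint", cert_fingerprint(CLIENT_CERT_DER)))
    print(authenticate(CLIENT_CERT_DER, "certFingerprint", DIRECTORY))
    print(authenticate(b"unknown certificate", "certFingerprint", DIRECTORY))
    print(authenticate(CLIENT_CERT_DER, "noSuchField", DIRECTORY))
```

Because the fingerprint covers the entire DER encoding, including the issuer's signature, two different certificates only share a fingerprint if the hash collides; prefer a SHA-256 fingerprint over SHA-1 when the directory schema allows it. Whichever field is configured, its values must be populated for every user who is expected to skip the password prompt, since any lookup failure silently degrades to password authentication.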
5.4.9. Activation of user alias consultation (LDAP)
When working with ICAP or ISA Server, activating this option lets OPTENET work with an LDAP user identifier other than the "Distinguished name".
Whatever user identifier has been configured on LDAP, the request OPTENET receives from the Appliance or from ISA carries the "Distinguished name" as the user identifier. To resolve this mismatch, OPTENET must perform an LDAP query to obtain the user identifier configured on LDAP that corresponds to the "Distinguished name" received.
By default this option is deactivated. Once it has been activated, the user-alias cache must be configured (see the following section of the manual) and the filtering criterion field must be set for each LDAP server defined in the OPTENET administration.
5.4.10. Life period of the user-alias association
To avoid saturating the LDAP servers with a query for every ICAP request, OPTENET maintains an internal cache that associates each "Distinguished name" with the user identifier configured on LDAP. The LDAP query is therefore made only the first time a given "Distinguished name" is seen; on subsequent occasions OPTENET uses the value stored in the cache. Cache entries have a maximum life period, after which they expire and the LDAP query must be made again. This life period also bounds how long a change in the directory, such as a user being renamed or removed, can go unnoticed by OPTENET.
Enter the maximum life period in seconds in this box.
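The alias lookup of 5.4.9 together with the expiring cache of 5.4.10, as an added example that is not OPTENET's own code. The resolver answers a "Distinguished name" with the configured user identifier, consulting the directory only on a cache miss or after the entry's life period has elapsed. The directory, the `uid` attribute holding the alias, the DNs and the `FakeClock` are constructed for the example; the clock is injected so that expiry can be exercised without waiting.

```python
import time
from typing import Callable, Dict, Optional, Tuple

# Constructed stand-in for the LDAP directory, keyed by distinguished name.
# The attribute holding the configured user identifier is assumed to be "uid";
# the manual does not name it.
DIRECTORY: Dict[str, Dict[str, str]] = {
    "CN=Alice Example,OU=Users,DC=example,DC=com": {"uid": "alice"},
    "CN=Bob Example,OU=Users,DC=example,DC=com": {"uid": "bob"},
}


def directory_lookup(dn: str) -> Optional[str]:
    """Stands in for the LDAP consultation: resolve a DN to the configured
    user identifier, or None when the DN is not in the directory."""
    entry = DIRECTORY.get(dn)
    return entry.get("uid") if entry else None


class FakeClock:
    """Controllable clock so expiry can be tested deterministically."""

    def __init__(self) -> None:
        self.now = 0.0

    def __call__(self) -> float:
        return self.now


class AliasResolver:
    """DN -> user identifier cache with a maximum life period in seconds."""

    def __init__(self, ldap_lookup: Callable[[str], Optional[str]],
                 ttl_seconds: float,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self._lookup = ldap_lookup
        self._ttl = ttl_seconds
        self._clock = clock
        # dn -> (alias, absolute expiry time on the injected clock)
        self._cache: Dict[str, Tuple[str, float]] = {}
        self.ldap_queries = 0  # how many times the directory was actually asked

    def resolve(self, dn: str) -> Optional[str]:
        now = self._clock()
        cached = self._cache.get(dn)
        if cached is not None:
            alias, expires_at = cached
            if now < expires_at:
                return alias          # fresh entry: no LDAP traffic
            del self._cache[dn]       # life period elapsed: consult LDAP again
        self.ldap_queries += 1
        alias = self._lookup(dn)
        if alias is not None:
            self._cache[dn] = (alias, now + self._ttl)
        return alias

    def cached_entries(self) -> int:
        return len(self._cache)


def demo(ttl_seconds: float = 300.0) -> Tuple[int, int, int]:
    """Return the LDAP query count after a first lookup, a repeat within the
    life period, and a repeat once the life period has elapsed."""
    clock = FakeClock()
    resolver = AliasResolver(directory_lookup, ttl_seconds, clock)
    dn = "CN=Alice Example,OU=Users,DC=example,DC=com"
    resolver.resolve(dn)
    first = resolver.ldap_queries
    clock.now = ttl_seconds - 1
    resolver.resolve(dn)
    within = resolver.ldap_queries
    clock.now = ttl_seconds
    resolver.resolve(dn)
    after = resolver.ldap_queries
    return first, within, after


if __name__ == "__main__":
    print(demo())
```

Unknown DNs are not cached here, so a stream of requests carrying DNs that the directory does not know would reach LDAP every time; the manual does not say whether OPTENET caches such negative results, so size the life period with the rate of ICAP requests in mind rather than relying on it to absorb that case.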