This article applies to:

• WebMarshal 6.10.3 and above

Question:

• How can I forward information about the authenticated user to other devices?
• Identifying the authenticated user at a proxy server upstream of WebMarshal

Procedure:

If WebMarshal forwards traffic to another proxy server or deviceyou may want to know which user was authenticated by WebMarshal.

WebMarshal 6.10.3 and above supports adding the X-Authenticated-User: header when using an upstream proxy. This header shows the user account associated with the request made to WebMarshal. It can be read using network capture software, or from logs of another device.

• If IP authentication was used, the "authenticated user" is the machine name or IP address.

To enable X-Authenticated-User:

Add an attribute entry in the WebMarshal Proxy Configuration file (WMProxy.config.xml) as follows:

<WebMarshal>
  <Proxy>
      <Config>
        <ProxySettings forwardAuthenticatedUser="true" {other settings} />
      <Config>
   <Proxy>
</WebMarshal>

If the ProxySettings element is already present, do not add another copy of this element. For more information about editing XML documents, see Knowledge Base article Q12705.

To apply the change, restart the Proxy service.

Notes:

• This setting only applies when WebMarshal is set to use an upstream proxy. If WebMarshal is set to direct internet access, the header is not added.
• In a WebMarshal array, add this entry to the file on each processing node server.
• To reduce security exposure, you should turn this option off when you are not actively using it.
• For HTTPS requests, the X-Authenticated-User header is added only if the request is inspected.
• If the X-Authenticated-User header was present in the request made to WebMarshal (indicating the request had already been forwarded from another device), it will be replaced with the username that was used to connect to WebMarshal.