In transparent mode, user not authenticated/identified on HTTPS website


This article applies to:

  • SWG 10.x

Question:

  • When a user browses a HTTP site, authentication/identification  works correctly and any subsequent HTTPS session works fine (the user is already authenticated/identified). When a user browses a HTTPS site first, authentication/identification doesn't work and the logs indicate the user is an "Unknown User". How can we correctly identify the user in both cases? (Configuration is Transparent mode, authenticate or get user credentials identification policy, and IP Caching is set as the "Authentication Retention Method").
  • A user opening a new browser to a HTTPS site is unrecognized (Unknown User), but there is no problem if the user first browses to a plain HTTP site and then any HTTPS site.

Reply:

Authenticate or Get User Credentials policy for HTTPS is not supported. This can be seen when trying to enable transparent mode on a device with the "Authenticate" or "Get User Credentials" identification policy, as the following alert is displayed:

HTTPS Transaction will not be authenticated as long as Transparent Proxy is enabled.

Or:

It works when HTTP is used first because the user credentials are cached after authentication, and are sent by the browser in subsequent requests to the SWG.


Last Modified 6/8/2012.
https://support.trustwave.com/kb/KnowledgebaseArticle14385.aspx