Re: Auth from PIX : How to pass authentication information to we

bdube · ‎10-16-2001

If i''m using the PIX/Tacacs+ to authenticate & authorize user to access the Web server (in DMZ), how can i pass the authentication information to the web server because this application needs to know who is the user?

thomas.chen · ‎10-22-2001

As I understand it, when you browse to the webserver and enter your credentials, the PIX intercepts and forwards on to the AAA server. MS Explorer thinks you are authenticating against any webserver so once authenticated it resends those credentials in the http get. So theoretically those credentials are there for your use. There is no way to forward this from the PIX or the AAA server.

bdube · ‎10-22-2001

Hi Thomas,

Yes, the PIX is able to ask for credentials to web surfer, when port 80 is triggered, and authenticate the access request against a AAA server. What i'm searching for, is a solution to simulate the authentication process but between the PIX & the Web server because the web server needs also the credentials not for a security purpose but only for an identification (personalized Web) purpose. I know, one way to do that is asking a second time the credentials, by the web server, but i wish to authenticate only once.

Other issue:

I know there is some problems about how Cisco is controlling the access when autorization granted because the pix only take care of de SA/DA instead of SA-SP/DA-DP leaving a second remote user behind a PAT gateway accessing the web server because a first user as been granted before for the same location.

If someone has the answers to the preceding issues, i will appreciate to know.

Thanks you

Benoit

Auth from PIX : How to pass authentication information to web server