ProxySG Content Policy Language Guide
authenticate( )
Identifies the realm used to authenticate the user associated with the current transaction.
Authentication realms are referenced by the name given in configuration.
If the transaction has already been authenticated in the same realm by the SOCKS proxy, no new authentication challenge is issued. If the realms identified in the socks.authenticate( ) and authenticate( ) actions differ however, a new challenge is issued.
How authentication is performed is a function of the capabilities of the realm, the protocol involved, and the setting of the authenticate.mode( ) property.
The authenticate( ) action has higher precedence than allow, so a subsequent allow does not prevent an authentication challenge.
The relation between authentication and denial is controlled through the authenticate.force( ) property. The default setting no implies that denial overrides authenticate( ), with the result that user names may not appear for denied requests if that denial could be determined without authentication. To ensure that user names appear in access logs, use authenticate.force(yes).
Syntax
authenticate(no)
authenticate(realm_name[, display_name])
The default value is no.
where:
•
•
•
Discussion
The authenticate( ) property may result in the following exceptions, testable with the exception.id= trigger in an <Exception> layer.
•
•
•
Layer and Transaction Notes
•Use in <Proxy> and <Admin> layers.
•Applies to proxy and administrator transactions.
Example
;Require authentication for internet access. <proxy>
160
