ProxySG Content Policy Language Guide
160
authenticate( )Identifies the realm used to authenticate the user associated with the current transaction.
Authentication realms are referenced by the name given in configuration.
If the transaction has already been authenticated in the same realm by the SOCKS proxy, no new
authentication challenge is issued. If the realms identified in the socks.authenticate( ) and
authenticate( ) actions differ however, a new challenge is issued.
How authentication is performed is a function of the capabilities of the realm, the protocol involved,
and the setting of the authenticate.mode( ) property.
The authenticate( ) action has higher precedence than allow, so a subsequent allow does not
prevent an authentication challenge.
The relation between authentication and denial is controlled through the authenticate.force( )
property. The default setting no implies that denial overrides authenticate( ), with the result that
user names may not appear for denied requests if that denial could be determined without
authentication. To ensure that user names appear in access logs, use authenticate.force(yes).
Syntax
authenticate(no)
authenticate(realm_name[, display_name])
The default value is no.
where:
•no—User authentication is not required for this transaction. No authentication challenge is issued.
•realm_name—A realm that must be authenticated against. An authentication challenge may be
issued.
•display_name—A string that is displayed in the Web browser when credentials are requested in
place of realm_name.
Discussion
The authenticate( ) property may result in the following exceptions, testable with the
exception.id= trigger in an <Exception> layer.
•authentication_failed—The offered credentials were not valid in this authentication realm.
•authentication_failed_password_expired—Authentication failed due to password expiry.
•configuration_error—Authentication failed due to a realm configuration error.
Layer and Transaction Notes
•Use in <Proxy> and <Admin> layers.
• Applies to proxy and administrator transactions.
Example
; Require authentication for internet access.
<proxy>