0 Replies Latest reply on Oct 19, 2016 12:33 PM by eromito

    Cookie Authentication Issues

    eromito

      I am implementing a combination of cookie and client certificate authentication using slightly modified versions of McAfee's Authentication Server (Client x509 Authentication) and Cookie Authentication (for x509 Authentication) rule sets. Connecting client traffic will be NATed, so it will appear as though connections are coming from the same IP address. It is my understanding that the authentication server will use the connecting client's IP for authenticated sessions, so because there are NAT rules in place, I need to use cookies for successful unique client authentication. Please correct me if I am wrong. The authenticating user's username will be pulled from the client certificate and compared to a local list of allowed users.

      I am running into an issue with HTTPS connections because cookie headers are not included in the CONNECT header. The current rule sets work as expected for HTTP traffic, but I am trying to figure out how to successfully authenticate HTTPS traffic. SSL Scanner and SSL Handling rules are enabled.

      Any suggestions are much appreciated! Thanks!