Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 4887 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO and user switching delay

EricFrancoeur
I'm using SSO Authentication Transparent.  Works fine, until I log off and log back.  The first 5-10 mins the new logged in user still pass as the logged out user (When you look at the live log). 

How can I cut that delay to none... or close to none


This thread was automatically locked due to age.
Parents
  • 0
    What do you get from

    cc get http transparent_auth_timeout


    and

    cc get http auth_cache_ttl


    now?

    You should set the transparent_auth_timeout on the 'Misc' tab of 'Filtering Options'.  The ttl for AD-SSO can only be set at the command line, but shouldn't be necessary.

    This is starting to look like a can of worms....

    Yes, with Transparent and Terminal Server, things don't work as you would like.  Is there a reason to NOT use Standard mode for the TS?  When the Proxy is configured in Windows, browsing requests include the user's credentials.  Reports based on IP will still be "fooled" by this, but Web Filtering reporting and logging will work as you wish.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    What do you get from

    cc get http transparent_auth_timeout


    and

    cc get http auth_cache_ttl


    now?

    You should set the transparent_auth_timeout on the 'Misc' tab of 'Filtering Options'.  The ttl for AD-SSO can only be set at the command line, but shouldn't be necessary.

    This is starting to look like a can of worms....

    Yes, with Transparent and Terminal Server, things don't work as you would like.  Is there a reason to NOT use Standard mode for the TS?  When the Proxy is configured in Windows, browsing requests include the user's credentials.  Reports based on IP will still be "fooled" by this, but Web Filtering reporting and logging will work as you wish.

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
No Data
Unfiltered HTML