Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Websense - How to Stop Login

Posted on 2016-07-28
3
Medium Priority
?
160 Views
Last Modified: 2016-09-01
I'm not super familiar with Websense. I have a client using Websense (Forcepoint) Cloud Security. When the users are at their location, everything works great. However, when they are offsite anytime they venture onto the web they are sent to a login screen. It was my understanding that with the endpoint client installed, which it is, they would not have to login when browsing. Could there be something misconfigured? Are there any Websense/Forcepoint experts who could give me a hand with this?
0
Comment
Question by:MrComputerIT
  • 3
3 Comments
 
LVL 65

Accepted Solution

by:
btan earned 2000 total points (awarded by participants)
ID: 41733218
It sounds to me it is proxy authentication which prompt the login. Authentication on the proxy requires users to identify themselves.
Note
When prompted for credentials, if the user does not enter a domain name, a "session timeout" error can result, or the user may be re-prompted.
http://www.websense.com/content/support/library/web/v75/wcg_help/browser_limitations.aspx#1078246

It may be the sense that in other site it is not in authenticated mode hence the prompt  pops up. May need to check the setting for the proxy  e.g.
*Using LDAP proxy authentication
*Using RADIUS proxy authentication
*Using NTLM proxy authentication
http://www.websense.com/content/support/library/web/v75/wcg_help/authen.aspx
0
 
LVL 65

Assisted Solution

by:btan
btan earned 2000 total points (awarded by participants)
ID: 41754852
Typically for such prompting of login from browser is due to proxy,in this case, Websense (Forcepoint) Cloud Security is authenticating the user prior to granting further access into the internet or other networks.. the prompt can happen on below scenario
a) if session is timeout as shared in previous post whereby the session can be expired or idle for a long session which will requires re-login. At times it can also be timeout is too short hence the multiple prompt triggers
b) if user session is not in sync such that the identity cannot be established as user is trying to gain access to authenticated resources.
c) if synchronised user does not meet the below NTLM identification if it is configured to check prir to granting further access
For NTLM identification to work for synchronized users:
Synced users must be coming from a known IP address (previously configured in a Cloud policy).
If they are coming from a known IP address but still receive an authentication prompt, then one or more of the following may apply:
The NTLM ID’s may not match.
The browser they are using does not support NTLM.
They are logged in as a local user (not the synced domain account).
If everything is working, as it should for the synced users, then the only time they should receive a logon page is when they are roaming.
 
d) if there is no deployed Web Endpoint Client or Authentication Service to the client, then Cloud Web Security can only identify users transparently or manually when they connect to the Internet. These options are also used as a fallback if either the Endpoint Client or Authentication Service fails. There is need to review the below too.
Cloud Web Security transparent identification options:
Websense Web Endpoint client is installed on end user machines. It provides transparent authentication, enforce use of Cloud security filtering and passes authentication details to the Cloud service. See Deploying Web Endpoint Client.

Websense Authentication Service provides clientless transparent authentication via a Websense gateway V-Series appliance hosted on your network. See Deploying Authentication Service.
http://www.websense.com/support/article/kbarticle/Authenticating-the-first-time-with-Hosted-Web-Security

More info on "Setting Up End-User Authentication" http://www.websense.com/content/support/library/web/hosted/getting_started/enduser_auth.aspx
0
 
LVL 65

Expert Comment

by:btan
ID: 41779493
Explained on the most probable cause to the issued faced and propose measure to consider
0

Featured Post

Cyber Threats to Small Businesses (Part 1)

This past May, Webroot surveyed more than 600 IT decision-makers at medium-sized companies to see how these small businesses perceived new threats facing their organizations.  Read what Webroot CISO, Gary Hayslip, has to say about the survey in part 1 of this 2-part blog series.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Sometimes Administrators rights are not enough. These cases call for the SYSTEM account. The process in this article outlines the steps required to execute commands using the SYSTEM account.
With the evolution of technology, we have finally reached a point where it is possible to have home automation features like having your thermostat turn up and door lock itself when you leave, as well as a complete home security system. This is a st…
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Delivering innovative fully-managed cloud services for mission-critical applications requires expertise in multiple areas plus vision and commitment. Meet a few of the people behind the quality services of Concerto.

971 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question