How auth-proxy Works
Before getting into the troubleshooting steps for auth-proxy, you must first understand how auth-proxy works. Figure 5-6 illustrates the mechanics of auth-proxy.
Figure 5-6. Auth-proxy Operation
The following sequence describes the steps outlined in Figure 5-6:
1. The user initiates an HTTP (HTTPS/FTP/Telnet) connection going through the router. The router intercepts the request and starts auth-proxy. If the user has already been authenticated, the connection is completed with no further auth-proxy activity.
2. If there is no authentication information for this user, the user is prompted for a username and password.
3. If the authentication succeeds, the user's authorization profile, which contains an ACL, is downloaded from the Authentication, Authorization and Accounting (AAA) server. The router then dynamically creates this ACL based on the source IP address of the client. The dynamic ACL is stored in hashed storage, which is called the Authorization cache.
4. In the final step, the auth-proxy router refreshes the client's HTML request for reload and directs it to the target URL.
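The four steps above can be modeled in a few lines of Python. This is an added illustration, not code from the book or from Cisco IOS: the class and function names, the sample user, and the addresses are constructed, and the model assumes profile ACL entries are written with source `any`, which the router replaces with the client's address.

```python
import hmac
import ipaddress

# Constructed stand-in for the AAA server: credentials plus the per-user
# authorization profile. Assumption: profile ACL entries use source "any".
AAA_USERS = {
    "alice": {"password": "s3cret",
              "proxyacl": ["permit tcp any host 192.0.2.80 eq 80",
                           "permit tcp any any eq 443"]},
}

class AuthProxyRouter:
    """Hypothetical model of the router's auth-proxy decision path."""

    def __init__(self, aaa):
        self.aaa = aaa
        self.auth_cache = {}  # authorization cache: client IP -> dynamic ACL

    def _build_dynamic_acl(self, client_ip, proxyacl):
        # Step 3: rewrite each entry's "any" source to this client's address.
        acl = []
        for entry in proxyacl:
            action, proto, src, rest = entry.split(None, 3)
            if src != "any":
                raise ValueError(f"profile entry must use source 'any': {entry!r}")
            acl.append(f"{action} {proto} host {client_ip} {rest}")
        return acl

    def handle_connection(self, client_ip, target_url, credentials=None):
        """Return (state, detail) for one intercepted connection."""
        client_ip = str(ipaddress.ip_address(client_ip))  # reject malformed sources
        if client_ip in self.auth_cache:          # step 1: already authenticated
            return ("forwarded", target_url)
        if credentials is None:                   # step 2: no authentication info
            return ("prompt", "username/password required")
        user, password = credentials
        profile = self.aaa.get(user)
        if profile is None or not hmac.compare_digest(profile["password"], password):
            return ("denied", "authentication failed")  # nothing cached on failure
        self.auth_cache[client_ip] = self._build_dynamic_acl(
            client_ip, profile["proxyacl"])
        return ("redirected", target_url)         # step 4: reload to the target URL
```

Because the cache is keyed on the client's source IP address, a failed login leaves no entry behind, and a second host behind a different address is prompted independently.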