How to get user 'logged in' to ironport web filter without launching IE

We have an issue with some employees who use third party programs that traverse the Internet.  These programs are 100% allowed by the organization as they are required for day to day business.  Some programs go over the Internet to communicate for certain reasons, such as a live chat help support, or ordering products, etc..
The problem is that some of these users log in and never even touch Internet Explorer for awhile.  They will go on and start working right away.  Well if they don't try to access an Internet site via IE, then the Ironport does not 'log them in', and they are known as unauthenticated.  Of course this doesn't happen with everyone.  There's nothing wrong with people coming in a little early and checking the local news online.
We were thinking up if it's possible to have each user 'touch' the ironport web filter in some way during a logon script, unbeknown to the end user, so that they are 'signed in' and whatever Internet connected application they launch has access through to the Internet.  Right now they need to at least launch IE and go to some site (say Google or MSN) and via NTLM credentials transparently passed through IE7, 8 or 9, they can simply close the page and go about their business.  Note: they MUST go to an external site.... not an internally hosted one (such as our Intranet, time clock or HR self service pages).
So is there any commands we can put in via kix or bat or something that will say "Hey Ironport, %username% just logged in at 10.x.x.x".  Then maybe to make it more advanced, a logoff script that says "Hey Ironport, %username% just logged OFF of 10.x.x.x".  This way when our hourly timeout happens, they aren't immediately booted from their Internet applications (if they don't keep an IE window open that is).
Right now our ASA Firewall uses WCCP to forward port 80 to the ironport web filter.  The Ironport is a transparent proxy.
Thanks!

So it looks like you are moving the authentication from the Ironport S160 to the ASA5500 series firewall?
I guess we are looking at something simpler, like a way to 'touch' the internet and pass NTLM credentials, because then the Ironport knows who the user is.
If the user does not 'touch' the internet with IE, and say they use some other program that does not pass NTLM credentials (say Firefox or live chat program, or an ftp program, etc...) They are likely to be blocked, because the Ironport doesn't know who they are.
Your link seems to lead to a complicated setup for something that seems so simple.  I'm not sure how that relates to an Ironport S160.. it seems to focus on the ASA5500. Also we want it to be completely 100% transparent to the end user.
This is how it worked with a Barracuda web filter appliance...
A DCAgent program sat on each domain controller. As users logged in or out of the domain, this agent passed this current activity to the Barracuda web filter appliance.
The Barracuda appliance knew exactly who was logged in because of this little program on the domain controller(s) that kept it updated. Based on this, policies could be assigned based on Active Directory group memberships. ie) HR and Marketing can access Facebook, while others cannot.
I guess I'm looking for similar functionality with the Ironport S160. If there's any way the domain controller, or even the client PC can say "Hey Ironport, %username% is logged on here at %ip_address%". That way the Ironport would know who they are, and there would be no unnecessary authentication boxes (besides the user logging into the windows domain). They could use internet connected apps that do not pass NTLM authentication. I guess the client PC or the domain controller would also have to tell the IronPort when they signed off, just so we don't have to deal with authentication timeouts. This way, say they are in our internet chat help program... after an hour, it will cut out and disconnect them - because the IronPort forgets who they are (unless they are actively using the internet with IE).
So for now, we just use the bypass option for the affected internet services.  The default browser is IE, so the reality is that we are not suffering any tremendous inconvienence.  It's just that we want to ensure we have the best robust solution, and we can handle these types of situations with programs other than IE accessing internet resources.

Similar Messages

  • How to get user logged in to ironport web

    How to get user logged in to ironport web by  their username, time connected and the IP address?

    The onbox reporting can only show what web traffic is currently being surfed.  We can provide a near-real time view of this web traffic with a "Web Tracking Report".
    However, there is not a report available that depicts what you're describing.  (This information is best contained on the domain server).  The closes we could get with the WSA is displaying which credentials we are currently caching.  (Which users we've seen since within the surrogate timeout).  This is possible with the authcache command on the cli.
    ~Tim

  • How to get/capture log-on user name on PC (work station)

    Hi,
    Colud anyone give me how to get/capture log-on user name on my PC (work station)?
    I need to get the infomation by using a function module.
    Kind regards,
    Hisao

    Hi,
    TH_USER_INFO shows me terminal ID, IP address and other information. howerver it does't show me log-on user name of OS.
    Kind regards,
    Hisao

  • How to get the logged in userId value in adf task flow OIM11g R2

    Hi,
    I have created an adf task flow. Now I want to run some query in that based on the logged in userId.
    Could you please help me in knowing how to get the logged in userID value in adf TaskFlow so that I can run a parameterized query.
    Thanks

    3 different ways to retrieve the username (not sure what you mean by user ID) :
    http://mahmoudoracle.blogspot.be/2012/06/adf-get-current-logged-user-name.html#.USI_c-h8zIo
    Also provide your JDev version.
    Basicly, you should use the groovy expression in a view criteria (it's the fastest and easiest way) and call that view criteria whenever you need it.
    That's if you are using ADF BC of course.

  • How to get User input in JTextField?

    How to get User input in JTextField? Can u anyone give me some code samples? thanks

    read the API!!!

  • How to Get user profile properties in provider -cloud hosted app in sharepoint online - office 365 using REST API?

    How to Get user profile properties in provider -cloud hosted app in sharepoint online - office 365 using REST API?
    any idea?

    Hi,
    From your description, my understanding is that you want to get user profile properties in provider-hosted app in SharePoint online using REST API.
    Here is sample code for getting user profile properties:
    http://www.vrdmn.com/2013/07/sharepoint-2013-get-userprofile.html
    Here is a blog below about accessing data from the provider-host apps:
    http://dannyjessee.com/blog/index.php/2014/07/accessing-sharepoint-data-from-provider-hosted-apps-use-the-right-context/
    Best Regards,
    Vincent Han
    TechNet Community Support
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact
    [email protected]

  • How to get user input to keep in array in the form of int[]?

    I really want to know how to get user input to keep in an array. Or if it's impossible, can i use the value in "int" and transfer it to an array?

    What I understand is that you want to set an input from the user in an array of int.
    Here is how it work:
    1. Create a stream and a buffer to get and store the informations entered by the user:
    BufferedReader stdin = new BufferedReader(new InputStreamReader(System.in));
    2. Set this input in a String:
    String input = stdin.readLine();
    3. Set this string in an int:
    int userInput = Integer.parseInt(input);
    4. Then you can put this int in the array.
    Warning this code throws IOExceptions and NumberFormatException ( when you try to set letters as int ). But you can catch them easily.

  • How to monitor user logs,security logs,trace file,and performance monitori

    Hi guys,
    pls tel me how to monitor user logs,security logs,trace file,and performance monitoring.
    thanks
    regards
    kamal

    Hi,
    you can have a look in the Netweaver administration :
    http://<portal>:<port>/nwa
    Go to monitoring, Java system reports, etc..., you will find what you want.
    Fabien.

  • How to get the return values from a web page

    Hi all :
       how to get the return values from a web page ?  I mean how pass values betwen webflow and web page ?
    thank you very much
    Edited by: jingying Sony on Apr 15, 2010 6:15 AM
    Edited by: jingying Sony on Apr 15, 2010 6:18 AM

    Hi,
    What kind of web page do you have? Do you have possibility to for example make RFCs? Then you could trigger events (with parameters that could "return" the values) and the workflow could react to those events. For example your task can have terminating events.
    Regards,
    Karri

  • How to get the ablolute path of the web application in WebSphere?

    How to get the ablolute path of the web application in WebSphere?
    For example:
    I have installed IBM WebSphere on D:\WebSphere\Appserver, and I created a new appliction named "myapp" on D:\myapp,. How can I get the absolute path of application "myapp"? In other words,how can I get the absolute path of the application's
    root directory?

    In the WebSphere(default), what directory is the Java Bean's root directory ?

  • How do I read a properties file in WEB-INF without hard-coding a path?

    Hello,
    How do I read a properties file in WEB-INF without hard-coding a path?
    I tried:
    Properties properties = new Properties();
    properties.load(new FileInputStream("db.properties"));
    driver = properties.getProperty("driver");
    but it cannot find the db.properties file.
    Thanks for the help.
    Frank

    Don't use a File to read those properties.
    Better to use the servlet context and
    getResourceAsStream() method to get the InputStream.
    It'll look for any file in the CLASSPATH. If you put
    that properties file in the WEB-INF/classes directory
    you'll have no problems, even if you deploy with a
    WAR file.Completely agree with this approach. Just have to mention the following for completeness
    according to the API,
    "This method is different from java.lang.Class.getResourceAsStream, which uses a class loader. This method allows servlet containers to make a resource available to a servlet from any location, without using a class loader. "
    So using this method, the resource can be anywhere under your web context, not just in the classpath.
    Cheers,
    evnafets

  • How to get Current Log in BO user name in data access driver

    In universe, to get the current log in user is via @Variable('BOUSER').
    Right now, I need to be able to get the user name in the data access driver. I am writing a customized data access driver because we need to patch some where clause on the the query generated by the universe based on the logged-in user info. I only think of using end_sql parameter or adding an universe level filter to patch the @Variable('BOUSER') to the query, which would not work if user want to use customized query.
    Can anyone tell me how to get currentBO user name from connection server ? or how @Variable('BOUSER') is translated into the logged-in user name in the universe?

    Shweta,
    The link you provided was the Auditor guide for BO 6.x, I'm not sure it that is going to help Karen or not.
    Karen,
    There is function called connection
    (usage:  =connection([Query Name]), where [Query Name]
    denotes the name of the tab for the query under Edit Query)
    Here is some of the output from connection:
    4;ODBC18;MS SQL Server 2000166; VERSION=7; USER=xxxxx;
    PASSWORD=; DBTYPE=Relational; DATABASE=xxx_xxxx;
    ODBC_USER=xxxxxx; ODBC_PASSWORD=; BO_DSN=xxxx_xxxx;
    BO_DRV_CONNECT_MODE=0; 224; VERSION=6; Name=xxxxx; Shared=4;
    LoginTimeout=600; Timeout=600; Pool Time=60; Array Fetch Size=10;
    Array Bind Size=5; RecommendedLenTransfert=1000; Password_Encryption=x;
    AliasTable=; MeasureDimension=; Hint=; ConnectInit=; ArrayFetch=1;
    I'm not sure if this info helps out either, being that connection provides info on a post-processing basis and it sounds like you need to get out ahead of the SQL generation.  The @variable('bouser') would seem like the place to be, however, in allowing custom SQL to take place you loose the bouser due to an individual could customize the SQL to the point that it gets unwantingly yanked out.  The end_sql might be your answer...
    Thanks,
    John

  • How to get current logged-in user name in data access driver or in universe

    In universe, to get the current log in user is via @Variable('BOUSER').
    Right now, I need to be able to get the user name in the data access driver. I am writing a customized data access driver because we need to patch some where clause on the the query generated by the universe based on the logged-in user info. I only think of using end_sql parameter or adding an universe level filter to patch the @Variable('BOUSER') to the query, which would not work if user want to use customized query.
    Can anyone tell me how to get currentBO user name from connection server ? or how @Variable('BOUSER') is translated into the logged-in user name in the universe?

    I do not know your EJB Service. But you should pass the credentials of the current logged on portal user to your service. That's not by default I think.
    I had a similar problem with CAF developed webservices. I had to turn on permission checks in my web service and passed the credentials via logon ticket.
    Regards, Bernd

  • OIM11gr2 - How to get currently logged in user details using oim api

    Hi All,
    I have a requirement to retrieve currently logged in users profile in the process adapter.
    I have tried with getSelfProfile in tcUserOperation and also ContextManager.getOIMUser API's however, in both the cases i am getting xelsysadm details only.
    Also as know request details in Process task mapping doesnot work for OIM11g onwards (its returning column not found exception )
    DOes any one has idea how to achieve this.
    PS. - i am using platform to retrieve API's.
    Thanks & Regards
    Swati Pandey

    You can get the logged in user name using the below java code:
    ADFContext adfCtx = ADFContext.getCurrent();
    SecurityContext secCntx = adfCtx.getSecurityContext();
    String user = secCntx.getUserPrincipal().getName();
    HTH

  • How to get SSO logged user information in a database trigger

    my database is 9i
    my application server is 9i too
    I need to track which SSO user is inserting data into a table , so how can i get the information of that user in a database trigger on that table
    thanks

    Hi,
    The only way I could figure out how to get it was to import the com.sap.security.api.
    1. From Window>Preferences>Java-->Classpath Variables, set up a variable called WEBAS_HOME pointing to:
    <drive>/usr/sap/<SID>/jc00/j2ee/cluster/server0/
    2. Right click on properties of your Dynpro Project->Properties->Java Build Path->Libraries and click "Add Variable." 
    3. Select WEBAS_HOME and click "Extend"
    4. Select /bin/ext/com.sap.api.sda/com.sap.security.api.jar and click OK.
    If you don't have access to a portal directory, you will have to get this jar file and copy it to your workspace to add to your build path instead of the above steps.
    Then in your code:
    import com.sap.security.api.IUser;
    import com.sap.security.api.IUserAccount;
      public void GetLogonID( )
         String LogonID;
         try {
              /*     create an user object from the current user */
              IWDClientUser wdUser = WDClientUser.getCurrentUser();
              IUser user = wdUser.getSAPUser();
              if (user != null) {
                   IUserAccount acct = user.getUserAccounts()[0];
                   if (acct != null) {
                        LogonID = acct.getLogonUid();
                   } else
                        LogonID = "acct null";
              } else {
                   LogonID = "user null";
              wdContext.currentContextElement().setDisplayName(user.getFirstName() + " " + user.getLastName());
              wdContext.currentContextElement().setLogonID(LogonID.toUpperCase());
         } catch (Exception e) {
              e.printStackTrace();
    Hope this helps...  I had to search several places before I found all the necessary stuff.  Maybe I can get my first points!
    Thanks,
    Andrew

Maybe you are looking for

  • How to get document number in user  created form?

    Hi All,          I am creating a form.In that i want to maintain Document number for each form(each order)(like in sales order form (Document  No. field)).                Please help me to maintain the document number either manually or by system gen

  • Orphaned shadow fields cause "a duplicate name ... was found" - PowerShell solution

    When you create a site column of TaxonomyField type, SharePoint creates a "shadow" hidden field with the same name plus a trailing underscore and number. When you delete the main taxonomy field, SharePoint does NOT delete the shadow field. If you are

  • Function module for calculation of Income Tax

    Hi Friends, Please guide me any function module which calculates income tax. I have total income with me. I want to know the :--                             -->tax on total income,                             -->education cess 3%,                    

  • How to read data from credit card reader

    Guys, We are planning to implement CASH DESK (FPCJ) interface, The requirement is when the user wants to pay his bill using his credit card by swiping on credit card machine (MAGTEK Made in TAIWAN) , I want read those detail and fill sap screen field

  • Video streaming faster on 3G than WIFI?

    I've noticed that when watching Youtube or QT streams that they are much faster to load on the cell networks than on WIFI. Correct me if I'm wrong but it looks like the iPhone streams a higher quality video when connected to the WIFI? This is all goo