F5 BIG-IP SSL Orchestrator Training Lab > All SSL Orchestrator Lab Guides > [Archived] SSL Orchestrator v7 (Agility 2020) Training Labs > SSL Orchestrator v7 - SSLO 201: Real World Use Cases / Putting It to Use (Agility | 2 hours) > 4. Transparent authentication using NTLM Source | Edit on
4.7. Enable authentication offloadΒΆ
Start a Web Shell to Service - ExpProxy (Components > Service - ExpProxy > ACCESS > Web Shell)
Enter the following command in the Web Shell:
tail -f /var/log/squid3/access.logVisit a few secure (HTTPS) websites (non-banking) using Firefox on the Windows 10 Desktop and confirm that access is still being logged. You should see log entries of the sites and URLs visited but the username field (immediately after the URI) will be blank ("-"), similar to the example below:
SSL Orchestrator does not pass authenticated usernames to a proxy service unless explicitly configured to do so. In the next step you will enable this feature.
On SSL Orchestrator select SSL Orchestrator > Configuration from the Main menu on the left
Click Services on the horizontal menu and then click on ssloS_SquidProxy. The Summary page will load for the Squid proxy service.
Click the edit icon (
) to the right of ServiceScroll down the Service Properties screen and select the Authentication Offload checkbox. Doing so will cause SSL Orchestrator to inject an "X-Authenticated-User" header into the HTTP payload of traffic it directs to the Squid proxy service.
Click the Save & Next button and confirm by clicking the OK button in the pop-up that appears
The Service Chain List screen will load. Wait a moment for the yellow "Deploy" ribbon to appear. When it does, click the Deploy button.
Visit a few more secure (HTTPS) websites (non-banking) using Firefox on the Windows 10 Desktop. You should now see your username logged along with the HTTP requests you sent, similar to the example below:
