Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Contact Us
Login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Contact Us
Login

login

Fusion Platform Login

What is the Trustwave Fusion Platform?

Support Download/Forum Login

MailMarshal Cloud Login
Incident Response
Incident Response
Experiencing a security breach?

Get access to immediate incident response assistance.

24 HOUR HOTLINES
AMERICAS +1 855 438 4305

EMEA +44 8081687370

AUSTRALIA +61 1300901211

SINGAPORE +65 68175019

Recommended Actions

Trustwave SpiderLabs Exposes Unique Cybersecurity Threats in the Public Sector. Learn More

Request a Demo

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

View All Trustwave Services

BY INDUSTRY

BY REGULATION

BY TOPIC

Offensive Security

Solutions to maximize your security ROI

Microsoft Exchange Server Attacks

Stay protected against emerging threats

Rapidly Secure New Environments

Security for rapid response situations

Securing the Cloud

Safely navigate and stay protected

Securing the IoT Landscape

Test, monitor and secure network objects

About Us

We reduce cyber risk and fortify organizations

Awards and Accolades

Recognition by analysts and media outlets

Trustwave SpiderLabs Team

Global researchers, ethical hackers, and responders

Trustwave Fusion Security Operations Platform

Unprecedented security visibility and control

Trustwave Security Colony

Access to cybersecurity threat protection resources

Technology Alliance Partners

Key alliances who align and support our ecosystem of security offerings

Trustwave PartnerOne Program

Join forces with Trustwave to protect against the most advance cybersecurity threats

BLOGS

UPCOMING

MEDIA & ASSETS

NOTICES

HELP

Trustwave Knowledge Base

KB Home Search Latest Additions Most Popular

Knowledgebase

Home » Knowledgebase » WebMarshal » ERRMSG: User is not authenticated or Undefined WebMarshal User

ERRMSG: User is not authenticated or Undefined WebMarshal User

Show/Hide Article Tools

This article applies to:

WebMarshal

Symptoms:

User browsing restricted
Error messages:
- User Is Not Authenticated
- The user name ... is not known to WebMarshal
- The current user account is not recognized by WebMarshal
- The web site was restricted by the rule "Standard Rules\Block - Undefined WebMarshal User"

Information:

These messages are returned in these cases:

The account information for the user who is browsing has not been imported into WebMarshal (from AD, NT, or NDS)
WebMarshal is using IP based (workstation) authentication, and the user is browsing from a workstation that is not within any configured IP group range
The account or IP is configured as a user, but it is not a member of any group that controls access

See below for more information about these cases.

1. User is Not Authenticated - The user name is not known to WebMarshal

This condition can occur when you use account based authentication (AD, NT, or NDS).

When using Windows or NDS authentication, create the appropriate connector and make sure that you import a global user group, or combination of user groups, containing all users that will browse through WebMarshal.

To check if the particular user is "known" to WebMarshal, open the web browser on the user's computer, confirm the proxy settings point to the WebMarshal server and browse to http://webmarshal.home
If you find that imported AD groups are not updating properly with new or changed members, see Trustwave Knowledge Base article Q12052.
After importing new groups, be sure to grant access to the groups or members (see #3 below)

2. User is Not Authenticated: The current user account is not recognized by WebMarshal

When using IP (workstation) based authentication, make sure that you create IP ranges to cover all workstations that will browse through WebMarshal. For more information about configuring IP based authentication, see Trustwave Knowledge Base article Q14512.

3. The web site was restricted by the rule "Standard Rules\Block - Undefined WebMarshal User"

This condition can occur when you set up WebMarshal with the default policy.

WebMarshal rules are applied to user groups. The default policy (created with new installations) includes four main user groups. If a user is not a member of any of these groups, they will be denied all access by a catch-all rule found at the beginning of the Standard Rules listing (see the notes below for the definition of this rule).

The quickest way to give browsing permission to users is to add all users, or imported user groups, to one of the default WebMarshal user groups.

In the WebMarshal Console, expand Policy Elements > User Groups.
To quickly set permissions for many users, drag an imported group into a default WebMarshal group such as Standard Users.
You can also select an imported group to view its members, and then drag individual members into a default WebMarshal group.
Remember to commit configuration after making changes.

You can also create additional WebMarshal groups and use these in rules.

You can create or edit rules to suit your requirements.

Best practice for efficient management of policy is NOT to use imported groups directly in rules. Instead:

Use the existing WebMarshal groups, or create new WebMarshal groups defined by function (like the default groups).
Add the required imported groups (AD, NTLM, NDS, or IP groups), or individual members, to the WebMarshal groups. You can add any number and combination of these groups and users to a WebMarshal group.
Use only WebMarshal groups when creating or editing rules.

Notes:

The default catch-all block rule appears as follows:

Block - Undefined WebMarshal User

Block access for all users that don't belong to the default WebMarshal groups. USAGE: New users or groups imported into WebMarshal should be added to a suitable default WebMarshal Group. If no suitable default rule exists, then new groups should be created, and new rules should be written for these users. Add new user groups to the user exclusion list in this rule as required. NOTE: The "Exclude From Reporting" default group is not included in this rule because it does not control access to sites.

When a web request is received
For any users
Except where the user is a member of Power Users, Restricted Users, Standard Users, Unrestricted Site Access
And where addressed to any URL

Block access to this site and display Blocked page
And do not process any further standard rules