AppScaler SSO Two Factor Authentication Guide
Version: 1.0.3
Update: April 2018
XPoint Network
Notice To Users
Information in this guide is subject to change without notice. Companies, names, and data
used in examples herein are fictitious unless otherwise noted. No part of this guide may be
reproduced or transmitted in any form or by any means, electronic or mechanical, for any
purpose, without the express written permission of XPoint Network.
Copyright, Trademark
Copyright © 2017 XPoint Network. All rights reserved. All trademarks or trade names
mentioned herein, if any, are the property of their respective owners.
XPoint Network reserves all ownership rights for the AppScaler product line including
software and documentation.
XPoint, the XPoint logo, AppScaler, and any other mark listed as a trademark in the “Terms of
Use” portion of the XPoint Web site that is used herein are either registered trademarks or
trademarks of XPoint Network and/or its subsidiaries in Hong Kong and/or other
countries.
Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT®, Windows®
2000, Windows® XP, and Windows® Vista are either registered trademarks or trademarks of
Microsoft Corporation in the United States and/or other countries.
Limitations
This document is provided “as is”. XPoint Network has made efforts to ensure that the
information presented herein is correct but makes no explicit guarantee or warranty as to the
accuracy of the information contained herein. XPoint Network claims no responsibility,
implied or otherwise, to anyone wishing to act on or follow the content of this document.
Table of Contents
INTRODUCTION
Target Audience
Conventions used in this publication
Prerequisites
OVERVIEW
ADD ONE ACTIVE DIRECTORY USER
ADD ONE ACTIVE DIRECTORY BASED AAA SERVER
ADD ONE RADIUS BASED AAA SERVER
ADD ONE SSO PROFILE FOR AAA SERVER
ADD ONE ACCESS POLICY
ADD ONE VIRTUAL SERVICE
CONFIGURE SSO FOR VIRTUAL SERVICE
SSO TESTING
SSO LOGON REPORT
Introduction
This document describes the process for AppScaler SSO two factor authentication
configuration.
Add one Active Directory User
Add one Active Directory based AAA Server
Add one Radius based AAA Server
Add one SSO Profile for AAA Servers
Add one Access Policy
Add one virtual service
Configure SSO for virtual service
Target Audience
This User Guide covers all aspects of AppScaler SSO two factor authentication and is intended
for both administrators and system integrators.
Conventions used in this publication
This publication uses various conventions to present information. Words that require special
treatment appear in specific fonts or font styles.
Prerequisites
The following are required to configure AppScaler SSO two factor authentication.
Radius Server
Windows Active Directory installed
Active Directory Domain configured correctly
FQDN of virtual service configured correctly
Overview
AppScaler provides centralized and flexible application access authentication to consolidate
identity access management infrastructure and realize enhanced security at a reduced
operational cost.
AppScaler leverages both advanced client authentication and access management. Combined
with the programmability of Post Form, it can offload authentication processing from business
applications, making for a simpler, more flexible and more secure environment.
Providing SSO across applications deployed on heterogeneous platforms requires
standardization on a common identity and access management framework. AppScaler supports
a wide range of authentication protocols including LDAP, RADIUS, RSA SecurID, Kerberos,
and NTLM.
This document outlines the process for providing pre-authentication based on a two factor
authentication scheme.
When a user accesses an SSO-enabled virtual service, the login form is displayed for the user to
enter credentials.
AppScaler passes the credentials to the RADIUS server and Active Directory for authentication.
If not authenticated, the user cannot access the virtual service.
If authenticated, the user's session is stored and the user can access all the virtual services with the
same SSO profile.
Add one Active Directory User
An Active Directory user needs to be added; its credentials are used for the AD
authentication testing.
To add one Active Directory user:
Click Start->Administrative Tools->Active Directory Users and Computers
Go to the user section
Input the user details and click Next
Input the password and click Next
Click Finish
Add one Active Directory based AAA Server
To add one Active Directory based AAA Server:
Log in to the WebUI
Navigate to SLB -> Profiles
Click Manage for Access Policy
In the AAA Server tab, click Add
In the Add AAA Server page, enter the following
Click Save
Setting: Description
Type: The type for this AAA Server, including: LDAP, Radius, SecurID, Kerberos
Name: The name of this AAA Server
IP Address:Port: The IP address and port of this AAA Server
Account Name: The user name for this AAA Server authentication
Account Password: The password for this AAA Server authentication
Notes: The notes for this AAA Server
The AAA Server will be shown
Add one Radius based AAA Server
To add one Radius based AAA Server:
Log in to the WebUI
Navigate to SLB -> Profiles
Click Manage for Access Policy
In the AAA Server tab, click Add
In the Add AAA Server page, enter the following
Click Save
Setting: Description
Type: The type for this AAA Server, including: LDAP, Radius, SecurID, Kerberos
Name: The name of this AAA Server
IP Address:Port: The IP address and port of this AAA Server
Account Name: The user name for this AAA Server authentication
Account Password: The password for this AAA Server authentication
Notes: The notes for this AAA Server
The AAA Server will be shown
Add one SSO Profile for AAA Server
To add one SSO Profile for AAA Server:
Log in to the WebUI
Navigate to SLB -> Profiles
Click Manage for Access Policy
In the SSO Profile tab, click Add
In the Add SSO Profile page, enter the following
Click Save
Setting: Description
Name: The name of this SSO Profile
SSO Ident: The SSO Ident for this SSO Profile
Root domain: The root domain for this SSO Profile
Notes: The notes for this AAA Server
Type: Either Single Authentication or Dual Authentication
AAA Server: Choose the AAA Server for this SSO Profile
Session Timeout: The session timeout for this SSO Profile
Login Format: The login format for this SSO Profile
Max Login Tries: The max login attempts
Lockout Timeout: The lockout time for failed login
The SSO Profile will be shown
Add one Access Policy
To add one Access Policy:
Log in to the WebUI
Navigate to SLB -> Profiles
Click Manage for Access Policy
In the Access Policy tab, click Add
In the Add Access Policy page, enter the following
Click Save
Setting: Description
Name: The name of this Access Policy
Notes: The notes for this access policy
SSO Profile Type: Either SSO Profile or SSO Profile Group
SSO Profile: Choose one SSO Profile
SSO Method: The SSO Method for this access policy, including:
  Client Initiated HTTP Form
  Client Initiated HTTP Form + RS HTTP Basic Auth
  Client Initiated HTTP Form + RS HTTP Form
  Client Initiated HTTP Form + RS Kerberos
  Client HTTP NTLM Auth
  Client HTTP NTLM Auth + RS Kerberos
  Client HTTP Basic Auth
  Client Auth Pass Through
Login Form: Choose one login form
Enable Password: Enable or disable the password field in the login form
Logout URL: The logout URL string
Password Reset URL: The password reset URL string
Login Session/Cookie: The login cache option
SSO Log Level: The option for the SSO log
The Access Policy will be shown
Add one virtual service
To add one virtual service:
Log in to the WebUI
Navigate to SLB -> Virtual Server and click the Add button
Set up one HTTP based virtual server. Note that you need to choose HTTP in the
Service Type dropdown list
Click Save and the new Virtual Server will display
To add a new real server to this virtual server, click the icon in the Action column
In the Real Server tab, click Add
Add the real server
Click Save; you can then add more real servers for this virtual server
Configure SSO for virtual service
To configure SSO for virtual service:
Log in to the WebUI with account admin/password
Navigate to SLB -> Virtual Server
Go to the row of the virtual server and click the icon in the Action column
Click the Edit button beside Single Sign On in the General Properties tab
In the Edit Single Sign On Configuration page, choose one access policy
Click Save
Setting: Description
Access Policy: Set the Access Policy for this virtual server. If No SSO is selected, Single Sign On is disabled.
VS FQDN: The FQDN for this virtual server
Start URI: The access URI for this virtual server
WhiteList URI: The URI that will not be subjected to Single Sign On
SSO Testing
To test the SSO for the virtual service:
Open your browser and access the FQDN of the virtual server; in this example, it is
http://abc.test.com
The login form will pop up
Input the username and password and click the Login button
If authenticated, the browser will be redirected to the virtual service
SSO Logon Report
To access SSO logon report:
Navigate to Log & Report -> SSO Report
Choose the SSO Profile and click View