AUTHENTICATION
The authentication feature allows users to identify themselves using a login and password or
through a seamless process (SSO / certificate). To do so, the feature may use an LDAP
(Lightweight Directory Access Protocol) database storing user profiles as well as the associated
X.509 certificate.
Once authentication is successful, the user’s login is associated with the host from
which the user has logged on (this information is stored in the ASQ’s user table) and with all IP
packets that originate from that host, for the duration that the user or administrator has specified,
depending on the method used.
In order to be effective, the methods configured (1st tab) have to be made explicit in the
authentication policy rules (2nd tab).
The Authentication module contains 4 tabs:
• Available methods: this tab offers you the choice of one or several authentication methods
and their configuration on the firewall to allow the firewall to apply the security policy. The
administrator may also require authentication for the purpose of entering the identity of the
host’s user in the logs. Several methods can be configured in this section, as the
authentication policy allows the use of several of these methods, which are then evaluated
in order when authentication is processed.
• Authentication policy: this tab allows specifying the methods according to the source of the
request and defining the order of the authentication methods to apply.
• Captive portal: this tab enables configuration of access to the captive portal from various interfaces,
as well as the different information relating to it (SSL access, authentication, proxy). It also
allows you to customize the display of the captive portal.
• Captive portal profiles: this tab makes it possible to manage several authentication profiles
that the captive portal can use. For example, these profiles enable the selection of the type of
account used (temporary accounts, users declared in the internal LDAP directory, etc.) or
allowed authentication durations.
NOTE
The captive portal has to be enabled for all authentication methods, except for SSO.
For issues relating to Multi-user networks and authentication by transparent or explicit proxies,
please refer to the chapter Transparent or explicit HTTP proxy and multi-user objects.
“Available methods” tab
This screen offers the choice of one or several authentication methods and their configuration.
Authentication methods
The left column is dedicated to the list of authentication methods. The right column displays the
options for setting the selected authentication method.
The button Add a method opens a drop-down list that offers a choice of 8 authentication
methods that you can Delete if necessary. These methods are:
Page 46/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3