KEYTAB: This field represents the shared secret generated when the script is run on Active Directory. This secret has to be provided to the firewall so that it can communicate with Active Directory. It is also provided by the spnego.bat script.
SSO Agent
Single Sign-On (SSO) allows a user to authenticate only once to access several services.
The SSO agent method requires the installation of the Stormshield Network SSO Agent
application, a Windows service that allows Stormshield Network firewalls to benefit from a
seamless authentication on Windows Active Directory. Please refer to the technical note
Stormshield Network SSO Agent - Installation and deployment for instructions on how to install
this application.
When a user logs on to the Windows domain by opening a session, they are automatically authenticated on the firewall. The principle is as follows: the SSO agent gathers information on the identification of a user on the domain by connecting remotely to the event viewer on the domain controller. The SSO agent then relays this information to the firewall over an SSL connection, and the firewall updates its table of authenticated users.
From version 3 of the firmware onwards, up to 5 SSO agents can be declared, thereby making it possible to manage authentication on 5 Windows Active Directory domains without trust relationships between them. These domains must be declared beforehand as external Microsoft Active Directory types of LDAP directories (Users > Directory configuration module). Additional SSO agents will be named SSO Agent 1, SSO Agent 2, etc.
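The two paragraphs above describe the mechanism only in words; the following added example (not Stormshield's code, and not the agent's real wire format) models it: Windows logon events collected from a domain controller are filtered and turned into the firewall's table of authenticated users (IP address to user), keeping only sessions from domains declared on the firewall. Event ID 4624 and the logon-type values are standard Windows Security log values; the sample events and the domain names are constructed.

```python
from dataclasses import dataclass

LOGON_EVENT_ID = 4624              # Windows: "An account was successfully logged on"
# Logon types that mean a person opened a session on a workstation
# (2 = Interactive, 10 = RemoteInteractive, 11 = CachedInteractive).
SESSION_LOGON_TYPES = {2, 10, 11}

@dataclass
class LogonEvent:
    event_id: int
    user: str
    domain: str
    ip: str
    logon_type: int

def relevant(ev, declared_domains):
    """Keep only real user sessions belonging to a domain declared on the firewall."""
    if ev.event_id != LOGON_EVENT_ID:
        return False
    if ev.logon_type not in SESSION_LOGON_TYPES:
        return False                       # service/network logons do not identify a desktop user
    if ev.user.endswith("$") or ev.user.upper() in {"SYSTEM", "ANONYMOUS LOGON"}:
        return False                       # machine and built-in accounts
    if ev.ip in ("-", "", "127.0.0.1", "::1"):
        return False                       # no usable source address to bind the user to
    return ev.domain.upper() in {d.upper() for d in declared_domains}

def build_user_table(events, declared_domains):
    """Return {ip: 'DOMAIN\\user'}; a later logon from the same IP replaces the earlier one."""
    table = {}
    for ev in events:
        if relevant(ev, declared_domains):
            table[ev.ip] = f"{ev.domain.upper()}\\{ev.user}"
    return table

# Constructed sample events (not real log data).
SAMPLE_EVENTS = [
    LogonEvent(4624, "alice", "CORP", "10.0.1.20", 2),
    LogonEvent(4624, "WS01$", "CORP", "10.0.1.21", 3),      # machine account, network logon
    LogonEvent(4624, "bob", "CORP", "10.0.1.22", 3),        # file-share access, not a session
    LogonEvent(4624, "carol", "OTHERDOM", "10.0.1.23", 2),  # domain not declared on the firewall
    LogonEvent(4624, "dave", "CORP", "10.0.1.20", 10),      # RDP session replaces alice on that IP
    LogonEvent(4624, "erin", "CORP", "10.0.1.25", 11),      # cached interactive logon
    LogonEvent(4634, "alice", "CORP", "10.0.1.24", 2),      # logoff event, ignored here
]

if __name__ == "__main__":
    for ip, user in build_user_table(SAMPLE_EVENTS, {"corp"}).items():
        print(ip, user)
```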
After having added this method, you can enter the information relating to its configuration.
SSO Agent
Domain name: Select the Microsoft Active Directory corresponding to the domain on which users will be authenticated. This directory must be configured beforehand through the Directory configuration module.
SSO Agent
IP address: IP address of the machine hosting Stormshield Network SSO Agent.
Port: By default, the port "agent_ad" is selected, corresponding to port 1301. The protocol used is TCP.
Pre-shared key: This key is used for SSL encryption in exchanges between the SSO agent (machine hosting Stormshield Network SSO Agent) and the firewall. Enter the pre-shared key (password) defined during the installation of the SSO agent.
Confirm pre-shared key: Confirm the pre-shared key/password that was typed in the previous field.
Pre-shared key strength: This field indicates your password’s level of security: “Very Weak”, “Weak”, “Medium”, “Good” or “Excellent”. The use of uppercase and special characters is strongly advised.
SSO backup agent
The configuration of the backup SSO agent is the same as for the main agent.
Domain controller
You will need to add all the domain controllers that control the selected Active Directory domain.
They have to be saved in the firewall’s object database.
Page 50/448 sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
SNS - USER CONFIGURATION MANUAL V.3
AUTHENTICATION