Chapter 26 Web Authentication
ZyWALL / USG (ZLD) CLI Reference Guide
Table 95 web-auth policy Sub-commands (continued)
COMMAND                                     DESCRIPTION
interface interface_name                    Sets an interface on which packets for the policy must be received.
[no] schedule schedule_name                 Sets the time criteria for the specified condition. The no command
                                            removes the time criteria, making the condition effective all the time.
[no] source {address_object | group_name}   Sets the source criteria for the specified condition. The no command
                                            removes the source criteria, making the condition effective for all
                                            sources.
[no] sso                                    Enables SSO web authentication. The no command disables SSO web
                                            authentication.
show sso {agent | port | presharekey}       Displays information about the specified condition.

26.3 SSO Overview
SSO (Single Sign-On) integrates Domain Controller and ZyWALL / USG authentication mechanisms,
so that users just need to log in once (single login) to get access to permitted resources.
• The ZyWALL / USG, the DC, the SSO agent and the LDAP or AD server must all be in the same
domain and be able to communicate with each other.
• SSO does not support IPv6 or RADIUS; you must use it in an IPv4 network environment with
Windows AD (Active Directory) or LDAP (Lightweight Directory Access Protocol) authentication
databases.
• You must enable Web Authentication to use SSO.

26.3.1 SSO Configuration Commands
Use these commands to configure the ZyWALL / USG to communicate with SSO.
Table 96 SSO Commands and Subcommands
COMMAND                                     DESCRIPTION
sso agent primary                           Enters SSO primary agent subcommand mode.
sso agent secondary                         Enters secondary agent subcommand mode. A secondary agent is an
                                            optional backup SSO agent.
router(config-sso-primary)#                 Sets the primary or secondary SSO agent IPv4 address. Use [no] to
router(config-sso-secondary)#               disable the IPv4 address. Type the IPv4 address of the SSO agent.
[no] ip <w.x.y.z>                           The ZyWALL / USG and the SSO agent must be in the same domain and
                                            be able to communicate with each other.
router(config-sso-primary)#                 Sets the primary or secondary agent port <1025..65535>. Use [no] to
router(config-sso-secondary)#               disable the port. Type the same port number here as in the Agent
[no] port <1025..65535>                     Listening Port field on the SSO agent. Type a number ranging from
                                            1025 to 65535.
sso presharekey <preshared key>             Sets the SSO preshared key. Type 8-32 printable ASCII characters or
                                            exactly 32 hex characters (0-9; a-f). The Agent PreShareKey is used
                                            to encrypt communications between the ZyWALL / USG and the SSO agent.
sso encrypted-presharekey <ciphertext>      Sets the SSO encrypted preshared key.
sso_port <1025..65535>                      Sets the SSO listening port. This port is used to receive
                                            information from the SSO agent. Type a number ranging from 1025 to
                                            65535.
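
As an added example (not from the Zyxel guide), this Python check applies the limits in Table 96 to a list of SSO commands before they are entered on a device: agent addresses must be IPv4, ports must fall in 1025..65535, and the preshared key must be 8-32 printable ASCII characters or exactly 32 hex characters. The function names, the constructed sample commands and the use of exit to leave agent subcommand mode are assumptions.

```python
import ipaddress
import re

HEX_KEY = re.compile(r"[0-9a-f]{32}")    # "exactly 32 hex characters (0-9; a-f)"
ASCII_KEY = re.compile(r"[ -~]{8,32}")   # printable ASCII taken as 0x20-0x7E (assumption)

def port_ok(value):
    return value.isascii() and value.isdigit() and 1025 <= int(value) <= 65535

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def psk_kind(key):
    # A 32-character hex string also fits the ASCII rule; it is reported as hex.
    if HEX_KEY.fullmatch(key):
        return "hex"
    return "ascii" if ASCII_KEY.fullmatch(key) else None

def lint_sso(config_text):
    # Returns (line_number, message) for each violation of the documented limits.
    findings, mode = [], None
    for no, raw in enumerate(config_text.splitlines(), 1):
        cmd, _, arg = raw.strip().partition(" ")
        if cmd == "sso" and arg.startswith("agent "):
            mode = arg.split()[1]                 # primary or secondary mode
        elif cmd == "exit":                       # assumed way to leave the mode
            mode = None
        elif mode and cmd == "ip" and not is_ipv4(arg):
            findings.append((no, f"{mode} agent address is not IPv4"))
        elif mode and cmd == "port" and not port_ok(arg):
            findings.append((no, f"{mode} agent port outside 1025..65535"))
        elif cmd == "sso_port" and not port_ok(arg):
            findings.append((no, "listening port outside 1025..65535"))
        elif cmd == "sso" and arg.startswith("presharekey "):
            if psk_kind(arg.partition(" ")[2]) is None:
                findings.append((no, "preshared key is not 8-32 ASCII or 32 hex"))
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = "\n".join([
    "sso agent primary", "ip 192.0.2.10", "port 2158", "exit",
    "sso agent secondary", "ip 2001:db8::10", "port 80", "exit",
    "sso presharekey short", "sso_port 2158",
])
```

Calling lint_sso(SAMPLE) reports the IPv6 secondary agent address, the secondary agent port below 1025 and the five-character key, each with its line number.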