•
Basic authentication intermediation page—Displays username and password fields.
•
NTLM intermediation page—Displays username, password, and domain fields.
•
Kerberos intermediation page—Displays username, password, and realm fields.
•
When upgrading a Secure Access device or performing a new installation, the default
SSO BasicAuthNoSSO policy is preserved. If you have enabled all options of the General
tab, SSO will not be enabled until you have deleted the BasicAuthNoSSO policy.
Related
Documentation
Configuring Basic, NTLM, and Kerberos Resources (NSM Procedure) on page 218
•
•
Defining a Basic Authentication, NTLM, or Kerberos Intermediation Resource Policy
(NSM Procedure) on page 221
•
Configuring a SAML Access Control Resource Policy (NSM Procedure) on page 223
Configuring Basic, NTLM, and Kerberos Resources (NSM Procedure)
To configure basic, NT LAN Manager (NTLM), and Kerberos resources:
1.
In the navigation tree, select
Device Manager > Devices
.
2.
Click the
Device Tree
tab, and then double-click the Secure Access device for which
you want to configure the basic, NTLM, and Kerberos resources.
3.
Click the
Configuration
tab. Select
Users > Resource Policies > Web > General
.
4.
Click the
New
icon to configure the options as described in Table 59 on page 218.
5.
Click
OK
to save the changes.
Table 59: Configuring Basic, NTLM, and Kerberos Resources
Your Action
Options
General > Kerberos tab
Select the
Enable Kerberos SSO
check box to enable Kerberos SSO.
Enable Kerberos SSO
General > Kerberos > Realm Definition > New Realm Definition
Enter the Kerberos realm name. For example, enter
http://www.kerber.net
. The
device uses kerber.net to obtain the list of key distribution centers (KDCs).
Realm
Enter the Active Directory site names. Use this field to have the device contact the
KDC at a specific site. For example, if site name is Sunnyvale and realm is
http://www.kerber.net, then the device uses Sunnyvale.KERBER.NET to get the list
of KDCs.
NOTE: The Active Directory must have the sites defined and DNS must be configured
to return the KDCs in the site.
Site Name
Enter the hostnames mapped to the Kerberos realm. You can enter wildcard
characters such as *.y.com, *.kerber.net, or *.*.
Pattern
Copyright © 2010, Juniper Networks, Inc.
218
Configuring Secure Access Devices Guide
Содержание NETWORK AND SECURITY MANAGER
Страница 6: ...Copyright 2010 Juniper Networks Inc vi...
Страница 12: ...Copyright 2010 Juniper Networks Inc xii Configuring Secure Access Devices Guide...
Страница 18: ...Copyright 2010 Juniper Networks Inc xviii Configuring Secure Access Devices Guide...
Страница 20: ...Copyright 2010 Juniper Networks Inc 2 Configuring Secure Access Devices Guide...
Страница 28: ...Copyright 2010 Juniper Networks Inc 10 Configuring Secure Access Devices Guide...
Страница 40: ...Copyright 2010 Juniper Networks Inc 22 Configuring Secure Access Devices Guide...
Страница 46: ...Copyright 2010 Juniper Networks Inc 28 Configuring Secure Access Devices Guide...
Страница 50: ...Copyright 2010 Juniper Networks Inc 32 Configuring Secure Access Devices Guide...
Страница 52: ...Copyright 2010 Juniper Networks Inc 34 Configuring Secure Access Devices Guide...
Страница 82: ...Copyright 2010 Juniper Networks Inc 64 Configuring Secure Access Devices Guide...
Страница 110: ...Copyright 2010 Juniper Networks Inc 92 Configuring Secure Access Devices Guide...
Страница 154: ...Copyright 2010 Juniper Networks Inc 136 Configuring Secure Access Devices Guide...
Страница 224: ...Copyright 2010 Juniper Networks Inc 206 Configuring Secure Access Devices Guide...
Страница 234: ...Copyright 2010 Juniper Networks Inc 216 Configuring Secure Access Devices Guide...
Страница 288: ...Copyright 2010 Juniper Networks Inc 270 Configuring Secure Access Devices Guide...
Страница 300: ...Copyright 2010 Juniper Networks Inc 282 Configuring Secure Access Devices Guide...
Страница 310: ...Copyright 2010 Juniper Networks Inc 292 Configuring Secure Access Devices Guide...
Страница 312: ...Copyright 2010 Juniper Networks Inc 294 Configuring Secure Access Devices Guide...
Страница 320: ...Copyright 2010 Juniper Networks Inc 302 Configuring Secure Access Devices Guide...
Страница 322: ...Copyright 2010 Juniper Networks Inc 304 Configuring Secure Access Devices Guide...
Страница 337: ...PART 6 Index Index on page 321 319 Copyright 2010 Juniper Networks Inc...
Страница 338: ...Copyright 2010 Juniper Networks Inc 320 Configuring Secure Access Devices Guide...
Страница 340: ...Copyright 2010 Juniper Networks Inc 322 Configuring Secure Access Devices Guide...