AppScaler SSO Active Directory Guide

Version: 1.0.3

Update: April 2018

XPoint Network


Notice To Users

Information in this guide is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, for any purpose, without the express written permission of XPoint Network.

Copyright, Trademark

Copyright © 2017 XPoint Network. All rights reserved. All trademarks or trade names mentioned herein, if any, are the property of their respective owners.

XPoint Network reserves all ownership rights for the AppScaler product line including software and documentation.

XPoint, the XPoint logo, AppScaler, and any other mark listed as a trademark in the “Terms of Use” portion of the XPoint Web site that is used herein are either registered trademarks or trademarks of XPoint Network and/or its subsidiaries in Hong Kong and/or other countries.

Microsoft®, Internet Explorer®, Windows® 95, Windows® 98, Windows NT®, Windows® 2000, Windows® XP, and Windows® Vista are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.

Limitations

This document is provided “as-is”. XPoint Network has made efforts to ensure that the information presented herein is correct but makes no explicit guarantee or warranty as to the accuracy of the information contained herein. XPoint Network claims no responsibility, implied or otherwise, to anyone wishing to act on or follow the content of this document.


Table of Contents

INTRODUCTION

Target Audience

Conventions used in this publication

Prerequisites

OVERVIEW

ADD ONE ACTIVE DIRECTORY USER

ADD ONE ACTIVE DIRECTORY BASED AAA SERVER

ADD ONE SSO PROFILE FOR AAA SERVER

ADD ONE ACCESS POLICY

ADD ONE VIRTUAL SERVICE

CONFIGURE SSO FOR VIRTUAL SERVICE

SSO TESTING

SSO LOGON REPORT


Introduction

This document describes the process for AppScaler SSO deployment based on Active Directory authentication. The process consists of the following steps:

Add one Active Directory User

Add one Active Directory based AAA Server

Add one SSO Profile for AAA Server

Add one Access Policy

Add one virtual service

Configure SSO for virtual service

Target Audience

This User Guide covers all aspects of AppScaler SSO deployment based on Active Directory authentication and is intended for both administrators and system integrators.

Conventions used in this publication

This publication uses various conventions to present information. Words that require special treatment appear in specific fonts or font styles.

Prerequisites

The following are required to configure AppScaler SSO deployment based on Active Directory authentication:

Windows Active Directory installed

Active Directory Domain configured correctly

FQDN of virtual service configured correctly


Overview

AppScaler provides centralized and flexible application access authentication to consolidate identity access management infrastructure and realize enhanced security at a reduced operational cost.

AppScaler combines advanced client authentication and access management with the programmability of Post Form, so it can offload authentication processing from business applications, making for a simpler, more flexible and more secure environment.

Providing SSO across applications deployed on heterogeneous platforms requires standardization on a common identity and access management framework. AppScaler supports a wide range of authentication protocols including LDAP, Radius, RSA SecurID, Kerberos, and NTLM.

This document outlines the process for providing pre-authentication against the Active Directory authentication schema.

When a user accesses an SSO-enabled virtual service, the login form is displayed for the user to enter credentials.

AppScaler passes the credentials to Active Directory for authentication.

If not authenticated, the user cannot access the virtual service.

If authenticated, the user session is stored and the user can access all the virtual services with the same SSO profile.


Add one Active Directory User

An Active Directory user needs to be added; its credentials are used for the AD authentication testing.

To add one Active Directory user:

Click Start -> Administrative Tools -> Active Directory Users and Computers

Go to the user section

Input the user details and click Next


Input the password and click Next

Click Finish


Add one Active Directory based AAA Server

To add one Active Directory based AAA Server:

Log in to the WebUI

Navigate to SLB -> Profiles

Click Manage for Access Policy

In the AAA Server tab, click Add

In the Add AAA Server page, enter the following settings

Click Save


Settings          Description
Type              The type for this AAA Server, including:
                  LDAP
                  Radius
                  SecurID
                  Kerberos
Name              The name of this AAA Server
IP Address:Port   The IP address and port of this AAA Server
Account Name      The user name for this AAA Server authentication
Account Password  The password for this AAA Server authentication
Notes             The notes for this AAA Server

The AAA Server will be shown


Add one SSO Profile for AAA Server

To add one SSO Profile for AAA Server:

Log in to the WebUI

Navigate to SLB -> Profiles

Click Manage for Access Policy

In the SSO Profile tab, click Add

In the Add SSO Profile page, enter the following settings

Click Save

Settings          Description
Name              The name of this SSO Profile
SSO Ident         The SSO Ident for this SSO Profile
Root domain       The root domain for this SSO Profile
Notes             The notes for this SSO Profile
Type              Either Single Authentication or Dual Authentication
AAA Server        Choose the AAA Server for this SSO Profile
Session Timeout   The session timeout for this SSO Profile
Login Format      The login format for this SSO Profile
Max Login Tries   The maximum number of login attempts
Lockout Timeout   The lockout time after failed logins

The SSO Profile will be shown


Add one Access Policy

To add one Access Policy:

Log in to the WebUI

Navigate to SLB -> Profiles

Click Manage for Access Policy

In the Access Policy tab, click Add

In the Add Access Policy page, enter the following settings

Click Save

Settings              Description
Name                  The name of this Access Policy
Notes                 The notes for this Access Policy
SSO Profile Type      Either SSO Profile or SSO Profile Group
SSO Profile           Choose one SSO Profile
SSO Method            The SSO Method for this Access Policy, including:
                      Client Initiated HTTP Form
                      Client Initiated HTTP Form + RS HTTP Basic Auth
                      Client Initiated HTTP Form + RS HTTP Form
                      Client Initiated HTTP Form + RS Kerberos
                      Client HTTP NTLM Auth
                      Client HTTP NTLM Auth + RS Kerberos
                      Client HTTP Basic Auth
                      Client Auth Pass Through
Login Form            Choose one login form
Enable Password       Enable or disable the password field in the login form
Logout URL            The logout URL string
Password Reset URL    The password reset URL string
Login Session/Cookie  The login cache option
SSO Log Level         The option for the SSO log

The Access Policy will be shown


Add one virtual service

To add one virtual service:

Log in to the WebUI

Navigate to SLB -> Virtual Server and click the Add button

This example sets up one HTTP-based virtual server; note that you need to choose HTTP in the Service Type dropdown list

Click Save and the new Virtual Server will be displayed

To add a new real server to this virtual server, click the icon in the Action column

In the Real Server tab, click Add

Add the real server


Click Save and you can add more real servers for this virtual server


Configure SSO for virtual service

To configure SSO for virtual service:

Log in to the WebUI with the account admin/password

Navigate to SLB -> Virtual Server

Go to the row of the virtual server and click the icon in the Action column

Click the Edit button beside Single Sign On in the General Properties tab

In the Edit Single Sign On Configuration page, choose one access policy

Click Save

Settings       Description
Access Policy  Set the Access Policy for this virtual server. If No SSO is selected, Single Sign On is disabled.
VS FQDN        The FQDN for this virtual server
Start URI      The access URI for this virtual server
WhiteList URI  The URI that will not be subjected to Single Sign On
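
The pre-authentication flow from the Overview, combined with the SSO Profile settings (Session Timeout, Max Login Tries, Lockout Timeout) and the WhiteList URI setting, modelled as an added Python example; it is not AppScaler code. Assumptions: all class and function names are hypothetical, lockout is counted per user, WhiteList URI is matched by prefix, and constructed_directory is a constructed stand-in for the Active Directory check.

```python
import secrets
from dataclasses import dataclass, field

@dataclass
class SSOProfile:
    # Names follow the guide's SSO Profile settings; the semantics are assumed.
    session_timeout: int   # seconds a stored session stays valid
    max_login_tries: int   # failed logins allowed before lockout
    lockout_timeout: int   # seconds a locked-out user must wait
    sessions: dict = field(default_factory=dict)  # token -> (user, expiry)
    failures: dict = field(default_factory=dict)  # user -> failed count
    locked: dict = field(default_factory=dict)    # user -> locked-until time

def constructed_directory(user, password):
    # Constructed stand-in for the Active Directory check on the AAA server.
    return (user, password) == ("alice", "correct-horse")

def login(profile, user, password, now, check=constructed_directory):
    """Return (status, token); a session is stored only on success."""
    if now < profile.locked.get(user, 0):
        return "locked", None
    if check(user, password):
        profile.failures.pop(user, None)
        token = secrets.token_urlsafe(16)
        profile.sessions[token] = (user, now + profile.session_timeout)
        return "ok", token
    profile.failures[user] = profile.failures.get(user, 0) + 1
    if profile.failures[user] >= profile.max_login_tries:
        profile.failures[user] = 0
        profile.locked[user] = now + profile.lockout_timeout
    return "denied", None

def access(profile, token, uri, now, whitelist=()):
    """Decide what a request to a virtual service bound to `profile` gets."""
    if any(uri.startswith(prefix) for prefix in whitelist):
        return "allow-whitelisted"   # never subjected to SSO
    user, expiry = profile.sessions.get(token, (None, 0))
    if now < expiry:
        return "allow-session"       # any virtual service on this profile
    profile.sessions.pop(token, None)
    return "login-form"
```

Under the prefix-matching assumption, every URI that begins with a whitelist entry is served without a session check, so WhiteList URI entries are worth keeping as narrow as possible.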


SSO Testing

To test the SSO for the virtual service:

Open your browser and access the FQDN of the virtual server; in this example, it is http://abc.test.com

The login form will pop up

Input the username and password and click the Login button

If authenticated, the user will be redirected to the virtual service


SSO Logon Report

To access SSO logon report:

Navigate to Log & Report -> SSO Report

Choose the SSO Profile and click View