- A user enters their credentials in the logon page agent.
- Those credentials are collected, stored as the default system session variables of session.logon.last.username and session.logon.last.password.
- The AD Auth Agent validates the username and password session variables against the configured AD Domain Controller.
- The user is granted access via the Allow Terminal
- If unsuccessful, the user proceeds down the fallback branch and denied access via the Deny Terminal
Policy Agent Configuration¶
The Logon Page contains only the default setting
The AD Auth agent defines the AAA AD Servers that a user will be authenticated against. All Setting are the default.
The SSO/Auth Domains setting was modified from its default to include the idp.acme.com SAML IDP Service
Supporting APM Objects¶
AAA AD Servers¶
A single domain controller was configured for Active directory AAA authentication
The settings below define all the components of the IDP Service
The settings below define all the components of the SP Service
SLO Service Settings
SP Location Settings