Solution4 Policy¶
Policy Walk-Through¶
A user enters their credentials in the Logon Page agent.
Those credentials are collected and stored in the default system session variables session.logon.last.username and session.logon.last.password.
The AD Auth agent validates the username and password session variables against the configured AD Domain Controller.
If authentication succeeds, the user is granted access via the Allow Terminal.
If it fails, the user proceeds down the fallback branch and is denied access via the Deny Terminal.
Policy Agent Configuration¶
The Logon Page agent contains only the default settings.
The AD Auth agent defines the AAA AD Servers that a user will be authenticated against. All settings are the default.
Profile Settings¶
The SSO/Auth Domains setting was modified from its default to include the idp.acme.com SAML IDP Service.
Supporting APM Objects¶
AAA AD Servers¶
A single domain controller was configured for Active Directory AAA authentication.
IDP Service¶
The settings below define all the components of the IDP Service.
General Settings
SAML Profile
Endpoint Settings
Assertion Settings
SAML Attributes
Security Settings
SP Connector¶
The settings below define all the components of the SP Connector.
General Settings
Endpoint Settings
Security Settings
SLO Service Settings
SP Location Settings
The Policy from a user’s perspective¶
If the user attempts to access https://idp.acme.com, they will be redirected to a logon page. This solution is designed to be integrated with the solutions in the UDF deployment that require an IDP.