Protecting Juniper SA using Certificate-Based Authentication. Quick Start Guide

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Protecting Juniper SA using Certificate-Based Authentication. Quick Start Guide"

Transcription

1 Protecting Juniper SA using Certificate-Based Authentication

2 Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate. SafeNet, Inc. is not responsible for any direct or indirect damages or loss of business resulting from inaccuracies or omissions. The specifications contained in this document are subject to change without notice. SafeNet and SafeNet Authentication Service are either registered with the U.S. Patent and Trademark Office or are trademarks of SafeNet, Inc., and its subsidiaries and affiliates, in the United States and other countries. All other trademarks referenced in this Manual are trademarks of their respective owners. SafeNet Hardware and/or Software products described in this document may be protected by one or more U.S. Patents, foreign patents, or pending patent applications. Please contact SafeNet Support for details of FCC Compliance, CE Compliance, and UL Notification. Support SafeNet technical support specialists can provide assistance when planning and implementing SafeNet Authentication Service. In addition to aiding in the selection of the appropriate authentication products, SafeNet can suggest deployment procedures that will provide a smooth, simple transition from existing access control systems and a satisfying experience for network users. We can also help you leverage your existing network equipment and systems to maximize your return on investment. SafeNet works closely with channel partners to offer worldwide Technical Support services. If you purchased this product through a SafeNet channel partner, please contact your partner directly for support needs. To contact SafeNet Authentication Service support directly: Europe / EMEA Freephone: (UK) Telephone: +44 (0) (Int l) North America Toll Free: Telephone: Customer Feedback Help us to improve this documentation, our products and our services by communicating any ideas and suggestions that you feel would improve the usefulness and clarity of the documentation, product feature set or application in practice. Suggestions should be sent to: Introduction 2

3 Publication History Date Description Revision 04/25/2013 Initial Release 1.0 Introduction 3

4 Table of Contents Introduction... 5 Integration System Requirements... 5 Configuring Juniper SA for PKI... 6 Downloading a CA Certificate... 6 Creating a Certificate Authentication Server... 7 Adding the Certificate to the List of Trusted Client CAs... 9 Configuring the User Realm Configuring KCD Configuring the User Account Creating a KCD User Account in Active Directory Defining the Delegated Authentication Services Configuring SA Configuring Web SSO Configuring the Constrained Delegation Service List Configuring SSO Policies Configuring SSO Profile Configuring the Exchange Server Running the Solution User Authentication Scenario Introduction 4

5 Introduction This document guides you through setting up a certificate-based authentication solution in a Juniper Networks Junos Pulse Secure Access Service (SA) environment. This integration guide describes a single sign-on solution for Microsoft OWA based on SAC 8.2 and SafeNet tokens. This section includes the following: Integration System Requirements Integration System Requirements For this scenario, the working environment must include the following software: Juniper Networks Junos Pulse Secure Access Service Version 7.1 R5 or later Microsoft Exchange 2010 Microsoft Active Directory Microsoft Enterprise CA SAC 8.2 GA etoken 5100 Introduction 5

6 Configuring Juniper SA for PKI This section describes how to configure the server to enable Juniper SA certificate authentication with SafeNet s PKI tokens. This section includes the following: Downloading a CA Certificate Creating a Certificate Authentication Server Adding the Certificate to the List of Trusted Client CAs Configuring the User Realm Downloading a CA Certificate The first step is to download and save a CA certificate. To download a CA certificate: 1. Access the CA server web interface. 2. Select Download a CA Certificate. 3. Select Base Save the certificate to the local hard drive. Configuring Juniper SA for PKI 6

7 Creating a Certificate Authentication Server This step guides you through creating a certificate authentication server on the Juniper SA. To create a certificate authentication server on the Juniper SA: 1. Select Authentication > Auth. Servers. The Authentication Servers window opens. 2. From the New drop-down list, select Certificate Server. Configuring Juniper SA for PKI 7

8 3. Click New Server. The New Certificate Server window opens. 4. Next to Name, enter the new server a name; leave the default settings unchanged for all other options. 5. Click Save Changes. Configuring Juniper SA for PKI 8

9 Adding the Certificate to the List of Trusted Client CAs The certificate can now be added to the list of Trusted Client CAs on the Juniper SA. To add the certificate to the list of Trusted Client CAs: 1. Select System > Configuration > Certificates > Trusted Client CAs. The Configuration window opens. 2. Click the Import CA Certificate button and browse to select the saved file. Configuring Juniper SA for PKI 9

10 3. Click the Import Certificate button. The Trusted Client CA window opens. 4. Check that the Root CA Certificate details are correct. Configuring Juniper SA for PKI 10

11 5. Under Client certificate status checking, select Use CRLs (Certificate Revocation Lists) and click Save Changes. 6. Select CRL Checking Options. Configuring Juniper SA for PKI 11

12 The CRL Checking Options window opens. 7. In the Use drop-down list, select CDP(s) specified in the Trusted Client CA. 8. Click Save Changes. The new CDP appears in the Certificate Detail page under Client certificate status checking. Configuring Juniper SA for PKI 12

13 Configuring the User Realm The user realm needs to be configured to use certificate authentication, client certificate restrictions, and the Role Mapping Rules. To configure the user realm: 1. Select Users > User Realms. Configuring Juniper SA for PKI 13

14 2. Click on the Users link under Authentication Realm column. The Realm window opens ( Users Realm in this example). 3. In the General tab, under Servers, select the certificate server created in the previous step from the Authentication drop-down list. Configuring Juniper SA for PKI 14

15 4. Select the Authentication Policy tab and then click Certificate. 5. Select Only allow users with a client-side certificate signed by Trusted Client CAs to sign in. 6. Click Save Changes. The Juniper Networks Junos Pulse Secure Access is ready to authenticate users using certificates. Configuring Juniper SA for PKI 15

16 Configuring KCD Juniper SA is often used to protect Web application resources, such as Outlook Web Access (OWA) and SharePoint, which are based on Windows authentication. Kerberos Constrained Delegation (KCD) enables Single Sign On for the application resource, so that users are required to log on only once per session. The user logs on to SA, and then is not required to authenticate again when accessing Microsoft applications. Setting up KCD with SA involves the following steps: Configuring the User Account in Active directory Configuring SA Configuring the User Account Creating a KCD User Account in Active Directory KCD requires an Active Directory user account that has Protocol Transition and Delegation rights. This account has rights to request a Kerberos ticket on behalf of a user signing in to SA. To create a new user in Active Directory: 1. From the Windows taskbar, select Start > Programs > Administrative Tools > Active Directory Users and Computers. The Active Directory Users and Computers window opens. 2. In the left pane, expand the domain name, and right-click Users. Configuring KCD 16

17 3. In the menu that appears, select New > User. The New Object - User window opens. 4. Add the new user's information. This account will be used to access Web application resources, such as OWA. 5. Follow the instructions in the dialog box to progress through the windows. Defining the Delegated Authentication Services To configure the new account for Web application access, do the following: Use the setspn command to enable the Delegation tab in the new user account s Properties window. Use the Delegation tab to enable the user to be trusted for delegation to all authentication protocols. To define the Delegated Authentication Services for the new user: 1. Open the Command Prompt window, and enter the command: setspn -A HTTP/<user_account> <domain>\<user_account> where: <user_account> is the User logon name created under Creating a KCD User Account in Active Directory <domain> is your domain Configuring KCD 17

18 In the example that follows, testdomain is the domain, and samservice is the user account s User logon name. 2. In the Active Directory Users and Computers window, right-click the defined user. The user s Properties window opens. Configuring KCD 18

19 3. Select the Delegation tab. 4. Select the following options: Trust this user for delegation to specified services only Use any authentication protocol Note: Do not select Use Kerberos only because that option is not compatible with Protocol Transition and Constrained Delegation. 5. Click Add. The Add Services window opens. Configuring KCD 19

20 6. Click Users or Computers to select the computer hosting the constrained services. The Select Users or Computers window opens. 7. Enter the name of the protected service s server in the domain. Note: In this example, the OWA service is hosted on the same server as Active Directory Domain Controller, so DC is selected. 8. In the Add Services window, the services available on the selected server are displayed. 9. Select the appropriate service type, and click OK. Note: In this example, Constrained Delegation must be configured for OWA. Select http to configure for OWA and for any other Web-based applications running on this server, such as Share Point. Configuring KCD 20

21 The delegated services are displayed in the user s Properties window. 10. Click Apply, and then click OK. Active Directory is now configured for this solution. Configuring SA Configuring SA with Constrained Delegation for users connecting via SA to a selected application involves the following steps: Configuring Web SSO Configuring the Constrained Delegation Service List Configuring SSO Policies For example purposes in this section, the connection will be to the OWA application. Configuring KCD 21

22 Configuring Web SSO In this step, you will add the Kerberos Realm to SA s Kerberos SSO Settings. 1. In the SA Administrator console, select Users > Resource Policies > SSO > General. The WebPolicySSOGeneral window opens. 2. Click Kerberos SSO Settings to see additional settings. 3. Select Enable Kerberos SSO. Configuring KCD 22

23 4. In the Realm Definition area, add the Kerberos realm. In this example, test-domain.com realm was added. Note: The Kerberos Realm is typically the DNS domain. 5. Save the changes. Configuring the Constrained Delegation Service List This step consists of uploading a text file to create a Constrained Delegation Service List. To configure the Constrained Delegation Service List: 1. Open Notepad or a similar text application, and create a file containing the DC server name. 2. Save the file. Configuring KCD 23

24 3. In the SA Administrator console, select Users > Resource Policies > Web > SSO (Single Sign-on) > General. Configuring KCD 24

25 4. In the Constrained Delegation area, click Edit. The Constrained Delegation Service Lists window opens. 5. Click New Service List. 6. In the Name field, enter any value. 7. Click Choose File, and browse to the text file saved at the beginning of this procedure. Configuring KCD 25

26 8. Click OK. The Upload Status window opens. 9. When the upload completes, click Close. 10. In the Constrained Delegation area, do the following: a. In the Label field, enter any value. In this example, we used test-domain.com. b. In the Realm drop-down menu, select the Kerberos realm defined in Configuring Web SSO. c. In the Principal Account field, enter the user logon name (samservice) created in Creating a KCD User Account in Active Directory. d. In the Password field, enter the user s domain password. e. In the Service List drop-down list, select the service list name. f. Click Add. g. Save the changes. Configuring KCD 26

27 Configuring SSO Policies In this step, you will define the roles and resources for which Constrained Delegation will be performed. To configure SSO policies for OWA: 1. In the SA Administrator console, select Users > Resource Policies > Web > Kerberos/NTLM/Basic Auth. 2. Click the New Policy button. The New Policy window opens. Configuring KCD 27

28 3. In Name field, enter a name for the policy. 4. In the Resource field, enter the exact fully-qualified domain name. 5. Under Roles, select Policy applies to selected Roles and add the necessary role. 6. Under Action, choose Constrained Delegation and define appropriate credentials, defined in Configuring the Constrained Delegation Service List. 7. Save the changes. Configuring KCD 28

29 Configuring SSO Profile 1. In the SA Administrator console, select Users > Resource Profiles > Web. 2. Click the New Profile button. The New WEB Application Resource Profile window opens. Configuring KCD 29

30 3. From the Type drop-down list, select Microsoft OWA The OWA 2010 window opens. 4. In the Name field, enter any value for the policy name. 5. In the Base URL field, enter the OWA site s base URL. 6. Under Autopolicy: Web Compression, do the following: a. In the Resource column, enter the OWA site. Configuring KCD 30

31 b. From the Action drop-down list, select Compress. c. Click Add. 7. Under Autopolicy: Single Sign-on, do the following: a. Select Constrained Delegation. b. In the Resource field, enter the host FQDN of the web server. c. From the Credential drop-down list, select the Constrained Delegation s Label defined in Configuring the Constrained Delegation Service List. 8. Click Save Changes. Configuring KCD 31

32 Configuring the Exchange Server This section guides you through configuring the server hosting the web application. Note: This solution can be configured for any web application hosted on any server within the domain. For example purposes, we will use the OWA web application, hosted on the same server as the Active Directory Domain Controller. To configure OWA and ECP: 1. Open the Microsoft Exchange console. 2. In the left pane, select Server Configuration > Client Access. 3. In the Client Access area (middle pane), select your Exchange server. 4. Select the Outlook Web App tab. Configuring the Exchange Server 32

33 5. Right-click owa (Default Web Site), and select Properties. The owa (Default Web Site) Properties window opens. 6. Select the Authentication tab, and do the following: a. Select Use one or more standard authentication methods. b. Select Integrated Windows Authentication. c. Click OK. 7. In the Microsoft Exchange console, select the Exchange Control Panel tab. 8. Right click ecp (Default Web Site), and select Properties. The ecp (Default Web Site) Properties window opens. 9. Select the Authentication tab, and do the following: a. Select Use one or more standard authentication methods. b. Select Integrated Windows Authentication. c. Click OK. 10. Restart IIS for the configuration to take effect. To do this, open a terminal and enter iisreset. Configuring the Exchange Server 33

34 Running the Solution User Authentication Scenario In this example, a user named John authenticates to SA in the following environment: The user authenticates using a certificate saved on a token against Juniper SA. Juniper SA validates authentication on the Authenticated Server; if validation succeeds, the user can access to OWA. Procedure: 1. Enroll a smartcard user certificate on behalf of the domain for the user John. 2. Install SAC 8.2 GA on the client machine used for certificate-based authentication. 3. Connect the token. 4. Open a web browser and browse to the Juniper SA portal. In this example, the SA site is: 5. When prompted for the smartcard PIN, enter the Token Password. Click OK. 6. If the credentials are accepted, the user John is redirected to the SA portal. Running the Solution 34

35 7. Click the OWA 2010 link. The user John is automatically authenticated to the OWA account using KCD. Running the Solution 35

SAM Context-Based Authentication Using Juniper SA Integration Guide

SAM Context-Based Authentication Using Juniper SA Integration Guide SAM Context-Based Authentication Using Juniper SA Integration Guide Revision A Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Juniper SSL VPN Authentication QUICKStart Guide

Juniper SSL VPN Authentication QUICKStart Guide Juniper SSL VPN Authentication QUICKStart Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have and keep

More information

Microsoft Office 365 Using SAML Integration Guide

Microsoft Office 365 Using SAML Integration Guide Microsoft Office 365 Using SAML Integration Guide Revision A Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Deploying SSTP using OTP

Deploying SSTP using OTP Deploying SSTP using OTP Version TBD How-To Guide June 2011 Copyright 2010 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

Welcome Guide for MP-1 Token for Microsoft Windows

Welcome Guide for MP-1 Token for Microsoft Windows Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made

More information

Cisco ASA Authentication QUICKStart Guide

Cisco ASA Authentication QUICKStart Guide Cisco ASA Authentication QUICKStart Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved.

More information

SafeNet Authentication Manager 8.2 and Windows Azure. Quick Start Guide

SafeNet Authentication Manager 8.2 and Windows Azure. Quick Start Guide SafeNet Authentication Manager 8.2 and Windows Azure Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate. SafeNet,

More information

Remote Logging Agent Configuration Guide

Remote Logging Agent Configuration Guide Remote Logging Agent Configuration Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Synchronization Agent Configuration Guide Copyright

More information

Cloud Authentication. Getting Started Guide. Version 2.1.0.06

Cloud Authentication. Getting Started Guide. Version 2.1.0.06 Cloud Authentication Getting Started Guide Version 2.1.0.06 ii Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete and accurate.

More information

SAML Authentication Quick Start Guide

SAML Authentication Quick Start Guide SAML Authentication Quick Start Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved.

More information

Configuring IBM Cognos Controller 8 to use Single Sign- On

Configuring IBM Cognos Controller 8 to use Single Sign- On Guideline Configuring IBM Cognos Controller 8 to use Single Sign- On Product(s): IBM Cognos Controller 8.2 Area of Interest: Security Configuring IBM Cognos Controller 8 to use Single Sign-On 2 Copyright

More information

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Outlook Web Access With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations

More information

LDAP Synchronization Agent Configuration Guide

LDAP Synchronization Agent Configuration Guide LDAP Synchronization Agent Configuration Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights

More information

Implementation Guide for protecting. Microsoft Internet Security 2006 and. Microsoft OWA 2007. with. BlackShield ID

Implementation Guide for protecting. Microsoft Internet Security 2006 and. Microsoft OWA 2007. with. BlackShield ID Implementation Guide for protecting Microsoft Internet Security 2006 and Microsoft OWA 2007 with BlackShield ID Copyright 2009 CRYPTOCard Inc. http:// www.cryptocard.com Copyright Copyright 2009, CRYPTOCard

More information

Deploying CTERA Agent via Microsoft Active Directory and Single Sign On. Cloud Attached Storage. September 2015 Version 5.0

Deploying CTERA Agent via Microsoft Active Directory and Single Sign On. Cloud Attached Storage. September 2015 Version 5.0 Deploying CTERA Agent via Microsoft Active Directory and Single Sign On Cloud Attached Storage September 2015 Version 5.0 Copyright 2009-2015 CTERA Networks Ltd. All rights reserved. No part of this document

More information

Smartcard Logon Overview

Smartcard Logon Overview etoken for Windows Smartcard Logon Lesson 9 April 2004 etoken Certification Course Smartcard Logon Overview Windows 2000/2003 Enterprise Server built-in feature Smartcard logon requires issuing a personal

More information

Entrust Managed Services PKI

Entrust Managed Services PKI Entrust Managed Services PKI Entrust Managed Services PKI Windows Smart Card Logon Configuration Guide Using Web-based applications Document issue: 1.0 Date of Issue: June 2009 Copyright 2009 Entrust.

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

Microsoft IAS and NPS Agent Configuration Guide

Microsoft IAS and NPS Agent Configuration Guide Microsoft IAS and NPS Agent Configuration Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Agent IAS and NPS (Microsoft) Configuration

More information

SAM Backup and Restore Guide. SafeNet Integration Guide

SAM Backup and Restore Guide. SafeNet Integration Guide SAM Backup and Restore Guide SafeNet Integration Guide April 2011 Introduction Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority

Creating and Issuing the Workstation Authentication Certificate Template on the Certification Authority In this post we will see the steps for deploying the client certificate for windows computers. This post is a part of Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide. In the previous post we

More information

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates

Entrust Managed Services PKI. Configuring secure LDAP with Domain Controller digital certificates Entrust Managed Services Entrust Managed Services PKI Configuring secure LDAP with Domain Controller digital certificates Document issue: 1.0 Date of issue: October 2009 Copyright 2009 Entrust. All rights

More information

SafeNet Authentication Client (Windows)

SafeNet Authentication Client (Windows) SafeNet Authentication Client (Windows) Version 8.1 SP1 Revision A User s Guide Copyright 2011 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

etoken PKI Client (Windows) User s Guide Version 5.1 Revision B

etoken PKI Client (Windows) User s Guide Version 5.1 Revision B etoken PKI Client (Windows) User s Guide Version 5.1 Revision B All attempts have been made to make the information in this document complete and accurate. Aladdin is not responsible for any direct or

More information

Defender 5.7 - Token Deployment System Quick Start Guide

Defender 5.7 - Token Deployment System Quick Start Guide Defender 5.7 - Token Deployment System Quick Start Guide This guide describes how to install, configure and use the Defender Token Deployment System, based on default settings and how to self register

More information

SAM 8.0 Backup and Restore Guide. SafeNet Integration Guide

SAM 8.0 Backup and Restore Guide. SafeNet Integration Guide SAM 8.0 Backup and Restore Guide SafeNet Integration Guide Revision A November 2012 SAM 8.0 Backup and Restore Guide - SafeNet Integration Guide Introduction Copyright 2012 SafeNet, Inc. All rights reserved.

More information

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess

Integration Guide. SafeNet Authentication Service. SAS Using RADIUS Protocol with Microsoft DirectAccess SafeNet Authentication Service Integration Guide SAS Using RADIUS Protocol with Microsoft DirectAccess Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet,

More information

USER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4

USER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4 USER GUIDE WWPass Security for Email (Outlook) For WWPass Security Pack 2.4 March 2014 TABLE OF CONTENTS Chapter 1 Welcome... 4 Introducing WWPass Security for Email (Outlook)... 5 Supported Outlook Products...

More information

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID

Implementation Guide for. Juniper SSL VPN SSO with OWA. with. BlackShield ID Implementation Guide for Juniper SSL VPN SSO with OWA with BlackShield ID Copyright 2009 CRYPTOCard Inc. http:// www.cryptocard.com Copyright Copyright 2009, CRYPTOCard All Rights Reserved. No part of

More information

Integration Package for Microsoft Office SharePoint3

Integration Package for Microsoft Office SharePoint3 Panorama NovaView 5 Integration Package for Microsoft Office SharePoint3 About the Integration package Release Notes This package applies to the Panorama NovaView Server and the Microsoft office SharePoint3.

More information

Implementation Guide for protecting

Implementation Guide for protecting Implementation Guide for protecting Remote Web Workplace (RWW) Outlook Web Access (OWA) 2003 SharePoint 2003 IIS Web Sites with BlackShield ID Copyright 2010 CRYPTOCard Inc. http:// www.cryptocard.com

More information

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration

Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration Avaya one X Portal 1.1.3 Lightweight Directory Access Protocol (LDAP) over Secure Socket Layer (SSL) Configuration This document provides configuration steps for Avaya one X Portal s 1.1.3 communication

More information

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008

Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Enabling Kerberos SSO in IBM Cognos Express on Windows Server 2008 Nature of Document: Guideline Product(s): IBM Cognos Express Area of Interest: Infrastructure 2 Copyright and Trademarks Licensed Materials

More information

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved.

Tenrox. Single Sign-On (SSO) Setup Guide. January, 2012. 2012 Tenrox. All rights reserved. Tenrox Single Sign-On (SSO) Setup Guide January, 2012 2012 Tenrox. All rights reserved. About this Guide This guide provides a high-level technical overview of the Tenrox Single Sign-On (SSO) architecture,

More information

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0

SECO Whitepaper. SuisseID Smart Card Logon Configuration Guide. Prepared for SECO. Publish Date 19.05.2010 Version V1.0 SECO Whitepaper SuisseID Smart Card Logon Configuration Guide Prepared for SECO Publish Date 19.05.2010 Version V1.0 Prepared by Martin Sieber (Microsoft) Contributors Kunal Kodkani (Microsoft) Template

More information

Juniper Networks Secure Access Kerberos Constrained Delegation

Juniper Networks Secure Access Kerberos Constrained Delegation Juniper Networks Secure Access Kerberos Constrained Delegation Release 6.4 CONTENT 1. BACKGROUND...3 2. SETTING UP CONSTRAINED DELEGATION...5 2.1 ACTIVE DIRECTORY CONFIGURATION...5 2.1.1 Create a Kerberos

More information

SafeNet Authentication Client

SafeNet Authentication Client SafeNet Authentication Client QUICK STRAT GUIDE Using Certificate-based Authentication with SafeNet Authentication Client for Citrix XenApp 6.5 Contents Description... 2 The Multi-Factor Authentication

More information

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007

DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007 DIGIPASS Authentication for Microsoft ISA 2006 Single Sign-On for Sharepoint 2007 With IDENTIKEY Server / Axsguard IDENTIFIER Integration Guidelines Disclaimer Disclaimer of Warranties and Limitations

More information

Exchange 2010 PKI Configuration Guide

Exchange 2010 PKI Configuration Guide Exchange 2010 PKI Configuration Guide Overview 1. Summary 2. Environment 3. Configuration a) Active Directory Configuration b) CA Configuration c) Exchange Server IIS Configuration d) Exchange Configuration

More information

Strong Authentication for Juniper Networks SSL VPN

Strong Authentication for Juniper Networks SSL VPN Strong Authentication for Juniper Networks SSL VPN with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright 2011. CRYPTOCard

More information

HOTPin Integration Guide: DirectAccess

HOTPin Integration Guide: DirectAccess 1 HOTPin Integration Guide: DirectAccess Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; Celestix assumes no responsibility

More information

SafeNet Authentication Client (Mac)

SafeNet Authentication Client (Mac) SafeNet Authentication Client (Mac) Version 8.2 SP2 Revision A Administrator s Guide 1 Copyright 2014 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document

More information

WHITE PAPER Citrix Secure Gateway Startup Guide

WHITE PAPER Citrix Secure Gateway Startup Guide WHITE PAPER Citrix Secure Gateway Startup Guide www.citrix.com Contents Introduction... 2 What you will need... 2 Preparing the environment for Secure Gateway... 2 Installing a CA using Windows Server

More information

Smartcard Integration

Smartcard Integration TECHNICAL PAPER Smartcard Integration Netop develops and sells software solutions that enable swift, secure and seamless transfer of video, screens, sounds and data between two or more computers over the

More information

etoken Enterprise For: SSL SSL with etoken

etoken Enterprise For: SSL SSL with etoken etoken Enterprise For: SSL SSL with etoken System Requirements Windows 2000 Internet Explorer 5.0 and above Netscape 4.6 and above etoken R2 or Pro key Install etoken RTE Certificates from: (click on the

More information

ECA IIS Instructions. January 2005

ECA IIS Instructions. January 2005 ECA IIS Instructions January 2005 THIS PAGE INTENTIONALLY BLANK ECA IIS Instructions ii July 22, 2005 Table of Contents 1. Install Certificate in IIS 5.0... 1 2. Obtain and Install the ECA Root Certificate

More information

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365

Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 Configuring Single Sign-On from the VMware Identity Manager Service to Office 365 VMware Identity Manager JULY 2015 V1 Table of Contents Overview... 2 Passive and Active Authentication Profiles... 2 Adding

More information

Load Balancing. Outlook Web Access. Web Mail Using Equalizer

Load Balancing. Outlook Web Access. Web Mail Using Equalizer Load Balancing Outlook Web Access Web Mail Using Equalizer Copyright 2009 Coyote Point Systems, Inc. Printed in the USA. Publication Date: January 2009 Equalizer is a trademark of Coyote Point Systems

More information

Using etoken for Securing E-mails Using Outlook and Outlook Express

Using etoken for Securing E-mails Using Outlook and Outlook Express Using etoken for Securing E-mails Using Outlook and Outlook Express Lesson 15 April 2004 etoken Certification Course Securing Email Using Certificates Unprotected emails can be easily read and/or altered

More information

Symantec Managed PKI. Integration Guide for ActiveSync

Symantec Managed PKI. Integration Guide for ActiveSync Symantec Managed PKI Integration Guide for ActiveSync ii Symantec Managed PKI Integration Guide for ActiveSync The software described in this book is furnished under a license agreement and may be used

More information

CA Nimsoft Service Desk

CA Nimsoft Service Desk CA Nimsoft Service Desk Single Sign-On Configuration Guide 6.2.6 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation

More information

How-to: Single Sign-On

How-to: Single Sign-On How-to: Single Sign-On Document version: 1.02 nirva systems info@nirva-systems.com nirva-systems.com How-to: Single Sign-On - page 2 This document describes how to use the Single Sign-On (SSO) features

More information

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see "Deploy Inbox Rules" below.

Configuration Task 3: (Optional) As part of configuration, you can deploy rules. For more information, see Deploy Inbox Rules below. Configure the E-mail Router After the E-mail Router has been installed, you can configure several aspects of it. Some of these configuration tasks are mandatory. Others are optional in that you use them

More information

Deploying RSA ClearTrust with the FirePass controller

Deploying RSA ClearTrust with the FirePass controller Deployment Guide Deploying RSA ClearTrust with the FirePass Controller Deploying RSA ClearTrust with the FirePass controller Welcome to the FirePass RSA ClearTrust Deployment Guide. This guide shows you

More information

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014 Contents Overview... 2 System requirements:... 2 Before installing... 3 Download and installation... 3 Configure DESLock+ Enterprise Server...

More information

Secure Mobile Access Using F5 BIG-IP and IBM MaaS360

Secure Mobile Access Using F5 BIG-IP and IBM MaaS360 Partner Use Cases Secure Mobile Access Using F5 BIG-IP and IBM MaaS360 February 2016 1 Table of Contents Introduction... 3 Technology Brief... 3 F5 BIG-IP Access Policy Manager... 3 IBM MaaS360 Enterprise

More information

SafeNet Authentication Client (Mac)

SafeNet Authentication Client (Mac) SafeNet Authentication Client (Mac) Version 8.2 Revision B User s Guide 1 Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document complete

More information

Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority

Creating and Issuing a Custom Workstation Authentication Certificate Template on the Certification Authority In this post we will see the steps for deploying the client certificate for distribution points. This is one of the posts of Deploy PKI Certificates for SCCM 2012 R2 Step by Step Guide. In the previous

More information

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE

PRODUCT WHITE PAPER LABEL ARCHIVE. Adding and Configuring Active Directory Users in LABEL ARCHIVE PRODUCT WHITE PAPER LABEL ARCHIVE Adding and Configuring Active Directory Users in LABEL ARCHIVE TEKLYNX International March 19, 2010 Introduction Now more than ever, businesses large and small alike are

More information

Optimization in a Secure Windows Environment

Optimization in a Secure Windows Environment WHITE PAPER Optimization in a Secure Windows Environment A guide to the preparation, configuration and troubleshooting of Riverbed Steelhead appliances for Signed SMB and Encrypted MAPI September 2013

More information

SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A

SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A SafeNet Authentication Client (Linux) Administrator s Guide Version 8.1 Revision A Copyright 2011, SafeNet, Inc. All rights reserved. All attempts have been made to make the information in this document

More information

Enabling single sign-on for Cognos 8/10 with Active Directory

Enabling single sign-on for Cognos 8/10 with Active Directory Enabling single sign-on for Cognos 8/10 with Active Directory Overview QueryVision Note: Overview This document pulls together information from a number of QueryVision and IBM/Cognos material that are

More information

Single Sign On for ShareFile with NetScaler. Deployment Guide

Single Sign On for ShareFile with NetScaler. Deployment Guide Single Sign On for ShareFile with NetScaler Deployment Guide This deployment guide focuses on defining the process for enabling Single Sign On into Citrix ShareFile with Citrix NetScaler. Table of Contents

More information

SafeNet Authentication Manager

SafeNet Authentication Manager SafeNet Authentication Manager TECHNICAL BRIEF Using SafeNet Authentication Manager as Identity Provider for AirWatch Contents Description... 2 Single Sign-On Dataflow... 2 Identity Provider Configuration...

More information

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN

INTEGRATION GUIDE. IDENTIKEY Federation Server for Juniper SSL-VPN INTEGRATION GUIDE IDENTIKEY Federation Server for Juniper SSL-VPN Disclaimer Disclaimer of Warranties and Limitation of Liabilities All information contained in this document is provided 'as is'; VASCO

More information

PC-Duo Web Console Installation Guide

PC-Duo Web Console Installation Guide PC-Duo Web Console Installation Guide Release 12.1 August 2012 Vector Networks, Inc. 541 Tenth Street, Unit 123 Atlanta, GA 30318 (800) 330-5035 http://www.vector-networks.com Copyright 2012 Vector Networks

More information

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014

S/MIME on Good for Enterprise MS Online Certificate Status Protocol. Installation and Configuration Notes. Updated: October 08, 2014 S/MIME on Good for Enterprise MS Online Certificate Status Protocol Installation and Configuration Notes Updated: October 08, 2014 Installing the Online Responder service... 1 Preparing the environment...

More information

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit www.specopssoft.

Installation Guide. . All right reserved. For more information about Specops Inventory and other Specops products, visit www.specopssoft. . All right reserved. For more information about Specops Inventory and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Inventory is a trademark owned by Specops Software.

More information

Strong Authentication for Juniper Networks

Strong Authentication for Juniper Networks Strong Authentication for Juniper Networks SSL VPN SSO and OWA with Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright Copyright

More information

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide

BlackBerry Enterprise Service 10. Version: 10.2. Configuration Guide BlackBerry Enterprise Service 10 Version: 10.2 Configuration Guide Published: 2015-02-27 SWD-20150227164548686 Contents 1 Introduction...7 About this guide...8 What is BlackBerry Enterprise Service 10?...9

More information

ACTIVID APPLIANCE AND MICROSOFT AD FS

ACTIVID APPLIANCE AND MICROSOFT AD FS ACTIVID APPLIANCE AND MICROSOFT AD FS SAML 2.0 Channel Integration Handbook ActivID Appliance 7.2 July 2013 Released Document Version 1.0 hidglobal.com Table of Contents 1.0 Introduction...3 1.1 Scope

More information

Installing and Configuring vcloud Connector

Installing and Configuring vcloud Connector Installing and Configuring vcloud Connector vcloud Connector 2.0.0 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a new

More information

Apache Server Implementation Guide

Apache Server Implementation Guide Apache Server Implementation Guide 340 March Road Suite 600 Kanata, Ontario, Canada K2K 2E4 Tel: +1-613-599-2441 Fax: +1-613-599-2442 International Voice: +1-613-599-2441 North America Toll Free: 1-800-307-7042

More information

Secure IIS Web Server with SSL

Secure IIS Web Server with SSL Secure IIS Web Server with SSL EventTracker v7.x Publication Date: Sep 30, 2014 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Abstract The purpose of this document is to help

More information

SafeNet Authentication Service

SafeNet Authentication Service SafeNet Authentication Service Push OTP Integration Guide All information herein is either public information or is the property of and owned solely by Gemalto NV. and/or its subsidiaries who shall have

More information

Install SQL Server 2014 Express Edition

Install SQL Server 2014 Express Edition How To Install SQL Server 2014 Express Edition Updated: 2/4/2016 2016 Shelby Systems, Inc. All Rights Reserved Other brand and product names are trademarks or registered trademarks of the respective holders.

More information

Cloud Attached Storage

Cloud Attached Storage Backing Up and Restoring Microsoft SharePoint Server Cloud Attached Storage February 2014 Version 4.0 Copyright 2009-2014 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced

More information

Certificate technology on Junos Pulse Secure Access

Certificate technology on Junos Pulse Secure Access Certificate technology on Junos Pulse Secure Access How-to Introduction:... 1 Creating a Certificate signing request (CSR):... 1 Import Intermediate CAs: 3 Using Trusted Client CA on Juno Pulse Secure

More information

CA NetQoS Performance Center

CA NetQoS Performance Center CA NetQoS Performance Center Install and Configure SSL for Windows Server 2008 Release 6.1 (and service packs) This Documentation, which includes embedded help systems and electronically distributed materials,

More information

Cloud Attached Storage

Cloud Attached Storage Backing Up and Restoring SQL Server Databases Cloud Attached Storage February 2014 Version 4.0 Copyright 2009-2014 CTERA Networks Ltd. All rights reserved. No part of this document may be reproduced in

More information

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de

Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Forefront UAG authentication options Abstract In this article I will show you the different

More information

Integration Guide. SafeNet Authentication Client. Using SAC with Putty-CAC

Integration Guide. SafeNet Authentication Client. Using SAC with Putty-CAC SafeNet Authentication Client Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information Document

More information

Integration Guide. SafeNet Authentication Service. Using SAS with Web Application Proxy. Technical Manual Template

Integration Guide. SafeNet Authentication Service. Using SAS with Web Application Proxy. Technical Manual Template SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Managed Services PKI 60-day Trial Quick Start Guide

Managed Services PKI 60-day Trial Quick Start Guide Entrust Managed Services PKI Managed Services PKI 60-day Trial Quick Start Guide Document issue: 3.0 Date of issue: Nov 2011 Copyright 2011 Entrust. All rights reserved. Entrust is a trademark or a registered

More information

Configure Cisco Unified Customer Voice Portal

Configure Cisco Unified Customer Voice Portal Cisco Unified Customer Voice Portal Configuration, page 1 Configure Gateways, page 1 Transfer Unified CVP Scripts and Media Files, page 2 Unified Customer Voice Portal Licenses, page 2 Configure SNMP,

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Salesforce SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3)

Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Step-by-step installation guide for monitoring untrusted servers using Operations Manager ( Part 3 of 3) Manual installation of agents and importing the SCOM certificate to the servers to be monitored:

More information

Microsoft Outlook Web Access 2003 using Microsoft Internet Information Server v6.0 Authenticating Users Using SecurAccess Server by SecurEnvoy

Microsoft Outlook Web Access 2003 using Microsoft Internet Information Server v6.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Microsoft Outlook Web Access 2003 using Microsoft Internet Information Server v6.0 Authenticating Users Using SecurAccess Server by SecurEnvoy Contact information SecurEnvoy www.securenvoy.com 0845 2600010

More information

http://docs.trendmicro.com/en-us/enterprise/safesync-for-enterprise.aspx

http://docs.trendmicro.com/en-us/enterprise/safesync-for-enterprise.aspx Trend Micro Incorporated reserves the right to make changes to this document and to the product described herein without notice. Before installing and using the product, review the readme files, release

More information

Extending Microsoft Windows Active Directory Authentication to Access HP Service Health Reporter

Extending Microsoft Windows Active Directory Authentication to Access HP Service Health Reporter Technical White Paper Extending Microsoft Windows Active Directory Authentication to Access HP Service Health Reporter For the Windows Operation System Software Version 9.40 Table of Contents Introduction...

More information

SAS Token Validator Proxy Agent Configuration Guide

SAS Token Validator Proxy Agent Configuration Guide SAS Token Validator Proxy Agent Configuration Guide Powerful Authentication Management for Service Providers and Enterprises Authentication Service Delivery Made EASY Copyright 2014 SafeNet, Inc. All rights

More information

Installation Guide. SafeNet Authentication Service

Installation Guide. SafeNet Authentication Service SafeNet Authentication Service Installation Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

Using Internet or Windows Explorer to Upload Your Site

Using Internet or Windows Explorer to Upload Your Site Using Internet or Windows Explorer to Upload Your Site This article briefly describes what an FTP client is and how to use Internet Explorer or Windows Explorer to upload your Web site to your hosting

More information

BusinessObjects Enterprise XI Release 2

BusinessObjects Enterprise XI Release 2 BusinessObjects Enterprise XI Release 2 How to configure an Internet Information Services server as a front end to a WebLogic application server Overview Contents This document describes the process of

More information

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and 2012. October 2013

Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and 2012. October 2013 Sage HRMS 2014 Sage Employee Self Service Tech Installation Guide for Windows 2003, 2008, and 2012 October 2013 This is a publication of Sage Software, Inc. Document version: October 17, 2013 Copyright

More information

Outlook Express / Windows Mail Setup Guide

Outlook Express / Windows Mail Setup Guide Versions Addressed: Outlook Express 6, Windows Mail 6, Microsoft Outlook 2000 Document Updated: 11/22/2010 Copyright 2010 Purpose: This document will assist the end user in configuring Outlook Express,

More information

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server

Integration Guide. SafeNet Authentication Service. Using SAS as an Identity Provider for Tableau Server SafeNet Authentication Service Integration Guide Technical Manual Template Release 1.0, PN: 000-000000-000, Rev. A, March 2013, Copyright 2013 SafeNet, Inc. All rights reserved. 1 Document Information

More information

CA Spectrum and CA Embedded Entitlements Manager

CA Spectrum and CA Embedded Entitlements Manager CA Spectrum and CA Embedded Entitlements Manager Integration Guide CA Spectrum Release 9.4 - CA Embedded Entitlements Manager This Documentation, which includes embedded help systems and electronically

More information

Printing to Windows Shares from xprintserver using IPP/HTTP

Printing to Windows Shares from xprintserver using IPP/HTTP Scenario: User has a printer connected directly to a Windows Server 2003 or 2008 server and wants to print to it from an ios device using the xprintserver. Solution: Use Internet Printing support in Windows

More information