Svn.spamsvn110. QuickStart Guide to Authentication. WebTitan Version 5




Copyright 2014 Copperfasten Technologies. All rights reserved.

The product described in this document is furnished under a license agreement and may be used only in accordance with the terms of the agreement. Copperfasten Technologies gives no condition, warranty, expressed or implied about the fitness or quality of this manual or the accompanying product. Copperfasten reserves the right to make changes to this manual or the accompanying product, without notice to any person or company. Copperfasten shall not be liable for any indirect, incidental, special, or consequential damages, loss of profits, loss of goodwill, loss of reputation or economic loss resulting from the use of this manual or the accompanying product whether caused through Copperfasten negligence or otherwise and based on contract, tort, strict liability or otherwise, even if Copperfasten or any of its suppliers has been advised of the possibility of damages.

WebTitan is a trademark of Copperfasten Technologies Limited.

Support

WebTitan technical support specialists can provide assistance when planning and implementing your WebTitan deployment, and deciding on the correct authentication options to ensure a smooth deployment. Through online documentation, telephone help, and direct email support, WebTitan ensures that your questions will be answered in the fastest time possible.

Access support information at http://helpdesk.webtitan.com/support/home

Revision History

Version   Date            Changes
1.0       December 2014   Initial Revision

Contents

Introduction
IP based authentication
LDAP based authentication
NTLM based authentication
WebTitan Active Directory Agent (WADA)
WADA Installation
Next Steps

Introduction

WebTitan provides the option to define how users authenticate themselves to WebTitan before accessing external web sites. By default, authentication is disabled, which means that any user is accepted by the WebTitan appliance without authentication. Should authentication be required, it can be enabled via the System Settings > Authentication tab, which can be seen below. The method of authentication can be selected from the 'Policy type' drop down list.

WebTitan provides various methods of user authentication, which are as follows:

- IP based authentication
- LDAP based authentication
- NTLM based authentication
- IP and LDAP based authentication
- IP and NTLM based authentication
- NTLM authentication in Transparent Mode via WADA (WebTitan Active Directory Agent)

Figure 1: Authentication settings

IP based authentication and NTLM based authentication are transparent to the user, whereas LDAP based authentication will require the user to enter their LDAP username/password credentials on commencing web site browsing. They will only be asked once for this information.

IP based authentication

IP based authentication is only suitable where the users have static IP addresses. Also, it is recommended that either LDAP or NTLM authentication is used where LDAP servers are being used to maintain the users and groups within WebTitan.

To facilitate IP based authentication within WebTitan, the following must be done:

- IP based authentication must be enabled via the System Settings > Authentication tab.
- Users must be assigned IP addresses via the Users & Groups > Users tab. An IP address can be assigned at the time of user creation or by editing an existing user.

Figure 2 below shows that users can be assigned both a single IP address and an IP address range.

Figure 2: Add users dialog

IP authentication points

- IP based authentication will be transparent to the end user.
- IP based authentication should only be used for static IP addresses.
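The static-address requirement above can be checked before this policy type is enabled. The following is an added example, not part of the WebTitan guide or product: it flags assigned addresses that fall inside a DHCP pool or that are claimed by more than one user. The assignment syntax, the user names and every address are assumptions made for illustration.

```python
# Added example, not WebTitan code: audit IP-to-user assignments before
# relying on IP based authentication. The assignment syntax ("a.b.c.d" or
# "start-end") and all addresses below are assumptions for illustration.
from ipaddress import IPv4Address


def parse_assignment(text):
    """Return (first, last) for a single address or a 'start-end' range."""
    start, _, end = text.partition("-")
    first = IPv4Address(start.strip())
    last = IPv4Address(end.strip()) if end else first
    if last < first:
        raise ValueError(f"range runs backwards: {text!r}")
    return first, last


def overlaps(a, b):
    """True when two inclusive (first, last) ranges share an address."""
    return a[0] <= b[1] and b[0] <= a[1]


def audit(assignments, dhcp_pools):
    """Return sorted findings: users inside DHCP pools, users who collide."""
    parsed = {user: parse_assignment(t) for user, t in assignments.items()}
    pools = [parse_assignment(p) for p in dhcp_pools]
    findings = []
    users = sorted(parsed)
    for i, user in enumerate(users):
        # A leased address can move to another machine, so the mapping
        # from IP address to user is not stable.
        if any(overlaps(parsed[user], pool) for pool in pools):
            findings.append(("dynamic", user))
        # Two users on one address: the filter cannot tell them apart.
        for other in users[i + 1:]:
            if overlaps(parsed[user], parsed[other]):
                findings.append(("shared", f"{user},{other}"))
    return sorted(findings)


# Constructed sample data (not from the guide).
ASSIGNMENTS = {
    "alice": "192.168.1.10", "bob": "192.168.1.20-192.168.1.29",
    "carol": "192.168.1.25", "kiosk": "192.168.1.150",
}
DHCP_POOLS = ["192.168.1.100-192.168.1.200"]

if __name__ == "__main__":
    for kind, who in audit(ASSIGNMENTS, DHCP_POOLS):
        print(f"{kind:8} {who}")
```

A "dynamic" finding means the address can be leased to a different machine; a "shared" finding means two users would be filtered and reported under whichever account the address resolves to.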

LDAP based authentication

LDAP authentication is suitable where the users and groups are being managed by an LDAP server and where it is preferred that the user must enter their LDAP username/password credentials on commencing web site browsing.

To facilitate LDAP based authentication within WebTitan, the following must be done:

- LDAP based authentication must be enabled via the System Settings > Authentication tab.
- There must be at least one LDAP server specified in the Users & Groups > Users tab.
- The users associated with the authenticating LDAP server must be imported into WebTitan.

Figure 3 is a screen shot of LDAP based authentication turned on within WebTitan, which is then followed by Figure 4 showing a screen shot of a user being prompted for their LDAP credentials. They are only required to enter these credentials once.

Figure 3: LDAP authentication settings

See the 'QuickStart Guide to LDAP Setup' for details on how to connect to an LDAP server within WebTitan and also how to import LDAP users.

Figure 4: LDAP Authentication popup from Internet Explorer

If the web user enters an incorrect username or password, then they will receive the following web page:

Figure 5: Failed authentication page

LDAP authentication points

- LDAP based authentication requires the end user to enter their LDAP credentials.

NTLM based authentication

If your network uses NTLM authentication, then the NTLM users can be transparently authenticated against the WebTitan web filter using their Microsoft Windows credentials.

To facilitate NTLM based authentication within WebTitan, the following must be done:

- NTLM based authentication must be enabled via the System Settings > Authentication tab.
- Users must browse using Internet Explorer or Mozilla Firefox.

Figure 6 below shows sample settings for an NTLM server. Verification of the settings occurs automatically once the 'Save' button is clicked.

Figure 6: NTLM authentication settings

If your NTLM server does not authenticate successfully, the following error codes returned by WebTitan could be of use.

Error Code   Explanation
-1           NTLM authentication isn't enabled.
-2           The username or password was not correct.
-3           Can't connect to domain controllers.
-4           /usr/local/bin/net join command failed with another reason.
-5           winbindd is not working (wbinfo -p).
-6           winbindd is not working correctly (wbinfo -t).

NTLM authentication points

- NTLM based authentication will be transparent to the end user.
- NTLM based authentication only works with Internet Explorer and Mozilla Firefox.
- Users who do not match any NTLM user account will automatically be controlled by the 'Default' policy and will appear in reports as the 'GDefault' user.

WebTitan Active Directory Agent (WADA)

The WebTitan Active Directory Agent (WADA) is a Windows service that maintains a list of active logon sessions, mapping an IP address to a username. This information is then passed to WebTitan to allow user filtering rules to be applied based on the logged-in user's policy settings.

The information is gathered from 3 different sources that exist on a Windows network:

- LDAP
- Event Logger
- network sessions

The LDAP mechanism collects a list of computers in the domain and, based on the lastlogon parameter, contacts each computer using the WMI protocol to check for active logon sessions and eventually get the username. Not all computers are checked, only those with a lastlogon field within the range defined in the configuration (1 year by default).

The Event Logger mechanism listens to the event logger for special events that contain information about username and IP.

Additionally, network sessions are enumerated (by default every 10 seconds) to discover active sessions. This method is especially important when there are users on the network who don't turn off their computers for a very long time and for some reason their computers are not reachable with WMI.

The results from all those methods are then merged into one list and transmitted to WebTitan.

WADA Installation

Install on the Active Directory Server or on another server in the domain. The installation is a straightforward process using the MSI WADA kit as below.

Figure 7: WADA installation

Figure 8: WADA installation - accept the license

Figure 9: WADA installation - WebTitan server settings

Enter the IP address of your WebTitan.

NOTE: Specify the proxy port that WebTitan is listening on for HTTP requests. Default: 8881.

Figure 10: WADA installation - AD credentials

Finally, enter your domain administration credentials for your Active Directory, e.g. copperf\admin / password.

Next Steps

To implement transparent identification of users in transparent mode (Figure 11), you must configure the WebTitan appliance to operate in transparent mode, and have imported your users from Active Directory on the Users & Groups > Users page (Figure 12).

Figure 11: Import users from Active Directory

Figure 12: Transparent mode proxy

On the System Setup > Authentication page, it is sufficient to choose IP based authentication.