ProxySG TechBrief LDAP Authentication with the ProxySG


What is LDAP Authentication?

Today, the network can include elements such as LANs, WANs, an intranet, and the Internet. Many enterprises have turned to centralized directory-enabled applications to provide their users with seamless access to all of the applications, devices, and appliances they are authorized to use. Directory services simplify administration; additions and changes to permissions are made only once in the directory and are immediately available to all authorized users, directory-enabled applications, devices, and appliances.

The Blue Coat ProxySG supports the use of an external LDAP-enabled directory for authentication and authorization of users on a per-group basis. LDAP group-based authentication for the Blue Coat ProxySG can be configured to support any LDAP-compliant directory, including:

- Microsoft Active Directory
- Novell eDirectory
- Sun Java System Directory Server
- Lotus Domino

The Blue Coat ProxySG also provides the ability to locate a group or a single user in a single root of an LDAP directory information tree (DIT) through its VPM searching functionality. Once located, the user or group can be selected for inclusion in authentication.

Why enable LDAP Authentication?

The ProxySG makes use of your existing directory-based authentication by passing login requests to the directory service. There is no need to define an additional authentication mechanism when using the ProxySG. By keeping authentication centralized on your directory, a security administrator will always know who is accessing network resources and can easily define user/group-based policies to control access through the appliance.

Implementing LDAP Authentication

There are four steps to implementing LDAP authentication services on the ProxySG:

1. Create an LDAP Realm on the ProxySG
2. Configure LDAP properties on the ProxySG
3. Enable Authentication on the Blue Coat Policy
4. Test your LDAP authentication realm

1 Technical Brief

Step 1 - Create an LDAP Realm on the ProxySG

Create a realm using the Blue Coat GUI Management Console by selecting the Authentication option. Then, select the LDAP Realm tab. Click the New button. The Add Realm dialog is displayed. Type in LDAP_Realm (or any name) as the Realm name; select Microsoft Active Directory as the directory type (or the directory you are using), and type in the primary LDAP Server's IP address. The port default is 389 and the user attribute type default is samaccountname. You may have to change these defaults for your particular LDAP configuration. Be sure to check with your LDAP administrator for specific configuration information.

Step 2 - Configure LDAP Properties on the ProxySG

The next step is to configure any additional LDAP properties on the ProxySG. This section describes the available LDAP configuration pages and their options.

LDAP Servers

Use the LDAP Servers page to change the current default settings:

- Select server type: Microsoft, Novell, Sun, or Other
- Select LDAP Protocol Version (default is 3; 2 can be selected)
- Select whether to follow referrals (LDAP v3 only)
- Specify host and port for the primary LDAP server
- Specify host and port for an alternate server (optional)
- Enable/disable SSL as required (LDAP v3 only)
- Enable/disable verify server certificate as required
- Specify multiple Base Distinguished Names (DNs) to search per realm
- Specify a specific branch DN
- The Base DN identifies the entry used as the starting point for the search (dc=bluecoat, dc=com)
- At least one non-null base DN must be specified (c=country, cn=common name, ou=organizational unit)

Base Distinguished Names

You can specify multiple Base Distinguished Names (DNs) to search per realm, and you can instruct the ProxySG to search on a specific branch DN. The base DN identifies the entry used as the starting point for searching, such as dc=bluecoat, dc=com. At least one non-null base DN must be specified. Common DN components are:

- c = country
- cn = common name
- ou = organizational unit

LDAP Search & Groups

On this page you can specify whether to use anonymous as the search name or to enforce user authentication with a different user name before allowing a search. Some directories require a valid user to perform an LDAP search and will not allow anonymous bind. This is the case with Active Directory, for example. LDAP directory attributes for an anonymous search typically only provide a subset of the available information (as controlled by the network administrator). You can also specify whether to dereference aliases (default is Always).

Groups

The Groups page allows an administrator to specify the member type and membership attribute type for the specific LDAP realm selected. The ProxySG enters the following defaults:

- Microsoft AD
  - Membership type: user
  - Membership attribute type: memberof
- Netscape/Sun iPlanet
  - Membership type: group
  - Membership attribute type: uniquemember
- Novell eDirectory
  - Membership type: user
  - Membership attribute type: member

LDAP Objectclasses

LDAP objectclasses define the type of object the entry will be when a search is made by the ProxySG. For example, a user entry may have the attribute objectclass=user.

- Objectclass attribute values can vary among LDAP servers
- Objectclass attribute values are used by the Visual Policy Manager to browse the content of an LDAP server
- The objectclass list is customizable

General realm settings

From the LDAP General page you can enable/disable case-sensitivity depending on whether the LDAP server is case-sensitive. You can also do the following:

- Specify the length of time to cache user credentials (default 900 seconds)
- Specify a virtual URL if the value is different from the global virtual URL
- Specify the display name for the realm when authentication is presented to the end user
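The following is an added example, not Blue Coat code, that models what the Step 2 settings amount to at search time: resolving a typed login name to an entry under the configured base DNs, applying the General page's case-sensitivity switch, and deciding group membership with the per-directory Groups defaults (user-side memberof/member versus group-side uniquemember). The in-memory directory entries and the user attributes for Sun and Novell are assumptions; the RFC 4515 escaping of the login name before it is placed in a filter is added because any realm implementation needs it.

```python
# Added example, not Blue Coat code: models how an LDAP realm resolves a login name to a DN
# and checks group membership with the Groups-page defaults, over a constructed in-memory directory.
REALM_DEFAULTS = {  # user_attr for Sun and Novell is an assumption, not from the page
    "Microsoft": {"user_attr": "samaccountname", "member_type": "user", "member_attr": "memberof"},
    "Sun": {"user_attr": "uid", "member_type": "group", "member_attr": "uniquemember"},
    "Novell": {"user_attr": "cn", "member_type": "user", "member_attr": "member"},
}
DIRECTORY = {  # constructed entries: DN -> {lowercase attribute name: values}
    "cn=jdoe,ou=Users,dc=bluecoat,dc=com": {
        "objectclass": ["user"], "samaccountname": ["jdoe"],
        "memberof": ["cn=WebUsers,ou=Groups,dc=bluecoat,dc=com"]},
    "cn=WebUsers,ou=Groups,dc=bluecoat,dc=com": {"objectclass": ["group"]},
    "uid=asmith,ou=People,dc=bluecoat,dc=com": {
        "objectclass": ["inetorgperson"], "uid": ["asmith"]},
    "cn=Staff,ou=Groups,dc=bluecoat,dc=com": {
        "objectclass": ["groupofuniquenames"],
        "uniquemember": ["uid=asmith,ou=People,dc=bluecoat,dc=com"]},
}

def escape_filter(value):
    """Escape RFC 4515 metacharacters so a typed login name cannot change the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\0" else c for c in value)

def search_filter(server_type, login, objectclass="user"):
    """Filter the realm sends: objectclass picks the entry type, user_attr matches the login."""
    attr = REALM_DEFAULTS[server_type]["user_attr"]
    return f"(&(objectclass={objectclass})({attr}={escape_filter(login)}))"

def _match(a, b, case_sensitive):
    return a == b if case_sensitive else a.lower() == b.lower()

def find_user_dn(server_type, login, base_dns, case_sensitive=False):
    """Search each configured base DN for the entry whose user attribute equals login."""
    attr = REALM_DEFAULTS[server_type]["user_attr"]
    for dn, attrs in DIRECTORY.items():
        if not any(dn.lower().endswith(base.lower()) for base in base_dns):
            continue  # outside every base DN, so the realm's search never reaches it
        if any(_match(v, login, case_sensitive) for v in attrs.get(attr, [])):
            return dn
    return None

def is_member(server_type, user_dn, group_dn, case_sensitive=False):
    """Type 'user': read the user's membership attribute; type 'group': read the group's."""
    cfg = REALM_DEFAULTS[server_type]
    if cfg["member_type"] == "user":
        held, wanted = DIRECTORY.get(user_dn, {}).get(cfg["member_attr"], []), group_dn
    else:
        held, wanted = DIRECTORY.get(group_dn, {}).get(cfg["member_attr"], []), user_dn
    return any(_match(v, wanted, case_sensitive) for v in held)
```

A base DN that does not contain the user's branch makes find_user_dn return None, which is the usual cause of a realm that binds successfully but never authenticates anyone.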

Step 3 - Enable Authentication on the Blue Coat Policy

To enable an LDAP realm authentication policy, use the Blue Coat management console. Select Policy and launch the Blue Coat Visual Policy Manager.

1. Under the Web Authentication tab, click Add Rule. Highlight the Action field of the new rule, right-click, and choose Authenticate. A pop-up window is displayed; select LDAP as the realm.
2. Click OK.
3. Install the policy by selecting the Install Policies button.

Step 4 - Test your LDAP Authentication Realm

Test the LDAP authentication by opening a Web browser (explicitly configured to go through the proxy). You will be prompted for your user name and password credentials, as shown in the following login prompt. Type in the user name and password supplied from your Active Directory domain. The requested URL will then be presented if the user credentials are valid.

Conclusion

The ProxySG is designed to take advantage of existing authentication environments, including LDAP directory servers. Utilizing existing authentication services saves time and money, simplifying the deployment of the ProxySG. Most LDAP parameters are automatically configured to default settings on the ProxySG for easy deployment.

Copyright 2004 Blue Coat Systems, Inc. All rights reserved worldwide. No part of this document may be reproduced by any means nor translated to any electronic medium without the written consent of Blue Coat Systems, Inc. Specifications are subject to change without notice. Information contained in this document is believed to be accurate and reliable; however, Blue Coat Systems, Inc. assumes no responsibility for its use. Blue Coat is a registered trademark of Blue Coat Systems, Inc. in the U.S. and worldwide. All other trademarks mentioned in this document are the property of their respective owners.

Contact Blue Coat Systems: 1.866.30BCOAT, 408.220.2200 Direct, 408.220.2250 Fax, www.bluecoat.com