We have SAML configured now (with Google and Box.net, and some others) using RSA auth. Is it possible to configure it such that if the user is coming from our internal network (easily distinguished by RFC1918 addresses), that they will use LDAP auth instead, but still use RSA if coming from external? Users balk at the idea of having to use their RSA fobs when in the office at their desk, and I agree.
Hi,
You can map the sign-in URL to 2 REALMS (SAML and LDAP) and apply source IP restrictions under the role.
So if the user's source IP matches the internal network, they get access to the LDAP-authenticated REALM.
You can test this.
In the SAML realm, allow users to sign in from any IP address.
In the LDAP REALM, allow source IPs for the internal network only.
The challenge is that a user coming from the internal network can see both REALMS when logging in, unless in the SAML realm you are able to enter the source IPs of all the networks from which users may come in under source IP restrictions and deny the internal subnet.
Regards,
Jay
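To make the realm-selection logic in the answer above concrete, here is a small model of it as an added example; this is not the appliance's own configuration syntax or code. It assumes a hypothetical `Realm` object with per-realm allow and deny source-IP lists (deny evaluated first, empty allow list meaning "any address"), and uses the RFC1918 ranges from the question as the "internal" networks. It shows both the first configuration (LDAP realm restricted to internal, SAML realm open) and the refinement (SAML realm additionally denying the internal subnets), and why only the second one removes the realm chooser for internal users.

```python
import ipaddress
from dataclasses import dataclass, field

# Internal networks as defined in the question: the RFC1918 private ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Realm:
    """Hypothetical model of a realm with source-IP restrictions (example only)."""
    name: str
    auth_server: str                      # e.g. "LDAP" or "RSA (via SAML)"
    allow: list = field(default_factory=list)  # permitted networks; empty = any
    deny: list = field(default_factory=list)   # denied networks; checked first

    def permits(self, ip: str) -> bool:
        addr = ipaddress.ip_address(ip)
        # A deny entry always wins, regardless of the allow list.
        if any(addr in net for net in self.deny):
            return False
        if not self.allow:
            return True
        return any(addr in net for net in self.allow)


def is_internal(ip: str) -> bool:
    """True if the client address falls in an RFC1918 range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)


def eligible_realms(realms: list, ip: str) -> list:
    """Names of the realms a client at `ip` may sign in to on this URL."""
    return [r.name for r in realms if r.permits(ip)]


def realm_chooser_shown(realms: list, ip: str) -> bool:
    """The realm chooser appears only when more than one realm matches."""
    return len(eligible_realms(realms, ip)) > 1


# First configuration from the answer: LDAP realm internal-only, SAML realm open.
ldap_realm = Realm("LDAP", "LDAP", allow=list(RFC1918))
saml_open = Realm("SAML", "RSA (via SAML)")

# Refinement from the answer: deny the internal subnets in the SAML realm so
# an internal user matches exactly one realm.
saml_deny_internal = Realm("SAML", "RSA (via SAML)", deny=list(RFC1918))

if __name__ == "__main__":
    for ip in ("10.1.2.3", "203.0.113.5"):   # constructed sample client addresses
        print(ip, "internal" if is_internal(ip) else "external",
              eligible_realms([ldap_realm, saml_open], ip),
              eligible_realms([ldap_realm, saml_deny_internal], ip))
```

One caveat worth keeping in mind with either configuration: the check is made on the source address the appliance actually sees, so anything that NATs or proxies office traffic before it reaches the appliance will change which realm a user lands in.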
This actually works well. The Realm chooser appears when the user is connecting internally, but we can just direct the user to ignore that.
The problem now is the login page itself. Since the login page is chosen based on the URL, not on the REALM, I can't configure it to say "RSA PIN" in place of "Password" when the realm is RSA.