I am attempting to set up a sign-in page on my SA 4500 that only requires a valid username that is checked against our internal domain. We have an authentication policy that uses LDAP for our normal SSL VPN login to access our Citrix portal sitting behind the VPN. However, we have a password reset tool we want to provision out to our users by having a sign-in that only requires a valid domain username, not a password.
I was able to get this to work with an anonymous login, but did not want to open up that risk for a production-level test.
Is there any way to have a sign-in policy and sign-in page that does not require a password, but will check a username for validity?
Both the anonymous and the username-only options are vulnerable.
This is not recommended/configurable.
A workaround would be to configure local authentication with the same username as that in the backend server.
I am aware of the vulnerability of this option. However, we would be mitigating risk in other ways. We spoke with our Juniper SE, and he stated that anonymous, with the web ACL policy locked down to prevent other browsing, is our best and really only option.