cancel
Showing results for 
Search instead for 
Did you mean: 

Configure authentication and sign on that checks only username, no password required

Highlighted
New Contributor

Configure authentication and sign on that checks only username, no password required

I am attempting to set up a sign in page on my SA 4500 that only requires a valid user name that is checked against our internal domain. We have an authentication policy that uses LDAP for our normal SSL VPN login to access our Citrix portal sitting behind the VPN. However, we have a password reset tool we want to provision out to our users by having a sign in that only requires a valid domain username, not a password. 

I was able to get this to work with an anonymous login, but did not want to open up that risk for a production level test.

Is there any way to have a sign-in policy and sign-in page that does not require a password, but will check a username for validity?

2 REPLIES 2
Highlighted
Regular Contributor

Re: Configure authentication and sign on that checks only username, no password required

Hi Alex,

The anonymous and just the username both are vulnerable.

This is not recommended/configurable 

a workaround would be to configure a local authentication with the same user name as that in the backend server

 

Regards,

SVK

Highlighted
New Contributor

Re: Configure authentication and sign on that checks only username, no password required

Thanks.

I am aware of the vulnerability of this option. However, we would be mitigating risk in other ways. We spoke with our Juniper SE and he had stated anonymous with locking down the web ACL policy to prevent other browsing is our best and really only option.

Thanks,

Alex