cancel
Showing results for 
Search instead for 
Did you mean: 

Host Checker - before or after login

lou.chiorazzi_
Not applicable

Host Checker - before or after login

Hi,

 

I'm using an SA2500.  We perviously used the localDB user accounts in an early implementation.  Now using AD.  When localDB was in effect (forced via sign in page), a user launching the URL to the page loaded fast and host checker ran/loaded "after" the login attempt.  

 

Now with AD, the Host Checker runs "before" sign in attempt.  While I think this is great from a security perspective because it does not allow a login attempt before HC passes and in theory wards web crawls and the like, it does seem like an issue to the user due to ~20-30sec page load and sometimes browser non-responsive, the complaints ensue.  W

 

hile still trying to strike the best balance on what to do, did I configure something wrong when the host checker is now running first with AD? or is that a known behavior change when using AD? 

 

Any info is very much appriciated, Thanks in Advance.

 

Lou

4 REPLIES 4
NULL_
Contributor

Re: Host Checker - before or after login

Hi Lou,

 

behavior shouldn't have changed by changing only authentication server.

 

The most likely reason for it is that you did enable host-checker enforcement on realm-basis during the transition from local to ad authentication server.

 

If you aren't using OTC/OTP and or certificates (Hardware-Tokens) for authentication then I would strongly recommend to let the host-checker scan the machine prior to entering username/password.

 

Best Regards

NULL

zanyterp_
Respected Contributor

Re: Host Checker - before or after login

chances are high that this is due to using AD/NT for authorization. did you make any changes to your host checker policies when you made the switch? check your policy trace for timimgs.

jayLaiz_
Super Contributor

Re: Host Checker - before or after login

Hi Lou,

 

There is no behavior change when using local db and AD

 

You can evaluate HC at REALM level and enforce at ROLE level

 

Here HC will evaluate only at REALM and then enforce at role

 

Or,

 

You can evaluate and enforce the HC policy at REALM level

 

So which setup are you using?

 

Regards,

Jay

zanyterp_
Respected Contributor

Re: Host Checker - before or after login

How is this looking for users?