Multiple realms and Auth methods

vpnjunkie_
Occasional Contributor

It was a pleasant surprise to find that Juniper supports SAN (Subject Alternative Names). I am hosting two sign-in pages (realms)... one gives you NC with full access and the other one with limited proxy. I am checking the machine cert using HC for full access and if it is not found, then I generate a remediation message telling the user to go to the other sign-in page.

Is there any way to automate this process? If the HC check fails, the user should get a message with a button to go to the different realm/sign-in page, or be automatically redirected to the limited-access sign-in page.

thanks

Message Edited by vpnjunkie on 05-24-2008 01:14 AM
Message Edited by vpnjunkie on 05-24-2008 01:15 AM
sylvain_
Contributor

Re: Multiple realms and Auth methods

Hi VPN Junkie,

Yes :

- create a second sign-in page that points to your second realm, like */untrustusers (in the sign-in policy control)

- edit the custom instruction in the Host Checker and type a text with the hyperlink to this page

joels_
Occasional Contributor

Re: Multiple realms and Auth methods

Another option might be to have the same sign-in page for both types of user and map the role according to the security posture of the machine or user at the role mapping stage. You host check the host for their cert at the sign-in level, but don't enforce. Then, to map the correct user type to their relevant role, refer to the host check at the role mapping stage of the logon.

If the user passed the machine cert check they get NC with full access; if they didn't, assign another role with fewer connectivity options.

This way you can easily add-in more granular checks for extra access levels in the future.

kenlars_
Super Contributor

Re: Multiple realms and Auth methods

If all you are checking on is a certificate, I don't think you even have to run HC. You just have to require the certificate in the Authentication policies for the realm. If you use the option "Allow all users and remember certificate information...", you allow certificate and non-certificate users to log on, and can use the certificate information at role mapping time.
vpnjunkie_
Occasional Contributor

Re: Multiple realms and Auth methods

thanks for your response kenlars....

the issue is I am dealing with machine certs and not user certs. Is there any way to check machine certs without using HC? I don't think so.

thanks,

Shahid

kenlars_
Super Contributor

Re: Multiple realms and Auth methods

I think you are correct. However, I would suggest you run a policy trace for preauthentication and see if something interesting appears. I've learned as much about system variables from policy trace output as I have from the admin guide.