cancel
Showing results for 
Search instead for 
Did you mean: 

SA 4500 with multiple authentification server

mac_load_
Occasional Contributor

SA 4500 with multiple authentification server

Dear all

 

We use currently 2 type of authentification server in our compagny. First one is based on an LDAP and the second is an Active directory. On each authentifcation server, user have the same login but not always the same password (there is no sync between 2 systems).

 

We use SA 45000 to access our extranet web site (https://extranet.xxxx.zzzz.com). I would like to kwow, if for the same login page, we can use 2 differents authentification server (1st priority is to check in AD and 2eme is the LDAP). When user try to connect, he will enter his login (the same on both authentification) and the system check in AD if the password is correct and if not, the system check after on the LDAP directory ?

 

Is it possible ?

 

BR

3 REPLIES 3
ruc_
Regular Contributor

Re: SA 4500 with multiple authentification server

The current design allows for dual authentication servers (under realm you have to select the option 'Additional authentication server') however it does not allow for a fallback (try first auth sever and if it fails try secondary) the way your use case requires.

One workaround is to use custom sign-in pages and 2 realms (one with each auth server) Using custom sign-in pages framework you can customise the login page to trap error message for invalid login from first realm and then redirect browser to the second realm sign-in page.

 

http://www.juniper.net/techpubs/en_US/sa8.0/information-products/topic-collections/security-access-c...

 

mac_load_
Occasional Contributor

Re: SA 4500 with multiple authentification server

Hi

 

When I add an additiinnal authentification server, I have on my sign-in page 2 section for loing et 2 section for password. Is-it normal ? And it's not poassible to have a sign-in page with only one login and one password section when we specify to use an additionnal authentification server ?

ruc_
Regular Contributor

Re: SA 4500 with multiple authentification server

That is the default setting, however you can easily change. Below is from the helper text in the UI (admin guide should have more details):

 

"The additional credentials can be specified by the user on the sign-in page (the labels for these inputs are specified by the sign-in page), or they can be pre-defined below, in which case the user will not be prompted for the credential"