cancel
Showing results for 
Search instead for 
Did you mean: 

Time Limited SSL User

Highlighted
New Contributor

Time Limited SSL User

Hi ,

I want to create SSL user which can do connection for a week. How can I schedule this ,I do not know. I know there is an option , user can connect only one time with his/her account .

For example ; A user connection will start now until one week later , user will disable.

Thanks.

Also searching in forums but I have not meet yet.

5 REPLIES 5
Highlighted
New Contributor

Re: Time Limited SSL User

it could be like expire date. User expires one week later.

Highlighted
Super Contributor

Re: Time Limited SSL User

Hi,

I understand that you want the SSL user to allow log in only at some particular time interval like logintime, login day etc.

Yes this is possible by using custom expressions options under role mapping , you can configure rolemapping rule based on customexpression and apply time,day,user conditions in an expression that matches your requirement.

Kindly refer the SA admin guide for more information onconfiguration and information on custom expressions, please use the below URL to download the SA admin guide, refer page# 1012

http://www.juniper.net/techpubs/software/ive/admin/j-sa-sslvpn-7.1-adminguide.pdf

Hope this clarifies your query.

NOTE:
Please mark this post as 'accepted solution' if this answers your question that way it might help others as well, a kudo would be a bonus thanks!!

Regards,
Kannan

Highlighted
New Contributor

Re: Time Limited SSL User

Yes it looks helpful but I must make my own expression for session time limits. It looks a little bit difficult. Smiley Happy if I do something wrong what happens i do not know because i don't have a test device Smiley Happy.

I am waiting alternative answers for a short time

Highlighted
Contributor

Re: Time Limited SSL User

As far as I know there are no other ways to achive this. Exept you use an external auth server which allows you to define time restricions. But that would just allow you to define a login time.

With custom expresion in combination with policy reevaluation you can also make sure the user gets kicked when the login time expires.

Custom expressions aren«t that complicated. They are simple IF-Then expressions.

And if you do something wrong, than simply nothing happens. If the expression matches, the user can log in. If not, he can«t :-)

For example

user = 'JDoe'

AND

time.year = 2012

AND

time.month = 01

AND

Time.day = 26

AND

Time = (08:00AM TO 05:00PM)

AND

hostCheckerPolicy = "<name of policy>"

This allows the user "JDoe" to login on 26th January 2012 between 8 AM and 5 PM, if the defined Host Checker Policy check was successfull.

You can test your custom expression with the simulator (Maintenance / Troubleshooting / UserSessions / Simulation)

Hope it helps.

Marc

Highlighted
Respected Contributor

Re: Time Limited SSL User

no, this option does not exist on the system. it is a good enhancement request