cancel
Showing results for 
Search instead for 
Did you mean: 

Webproxy SSO - Form POST?

SOLVED
Highlighted
Contributor

Webproxy SSO - Form POST?

Hello,

I've got a question regargin to Single Sign On Configuration.

We allow our users to type URLs in the IVE browser bar. These URLs will be reached over the configured Webproxy Server.

This Webproxy needs authentication for every user/access. After typing an URL the user gets an website (generated by the IVE) where he has to type username and password to authenticate via Webproxy.

The username and the password is the same as the SSL VPN login data.

Is there anyone who has the same configuration and got SSO working?

I have already tested with "Form POST". But this does not work (perhaps becuase the inout labels don't have an ID??).


Enclosed you find a part of the source code of the authentication page:

<form name="frmLogin" action="/dana/home/userpass.cgi" method="POST" autocomplete="off">          <input type="hidden" name="xsauth" value="dd1b5a767c1728f276e82b8b42af1c4c">     <input type="hidden" name="url" value="/,DanaInfo=www.heise.de,SSO=U%2B">     <input type="hidden" name="domain" value="DOMAIN">     <input type="hidden" name="host" value="www.heise.de">         <input type="hidden" name="DANAmethod" value="">         <input type="hidden" name="DANAmvalue" value="">         <input type="hidden" name="proxy" value="1">
        <input type="hidden" name="proxyhost" value="IP">         <input type="hidden" name="ssoType" value="2">  <blockquote> <table border="0" cellpadding="1" cellspacing="0" bgcolor="#CCCC99"><tr><td> <table border="0" cellpadding="10" cellspacing="0" bgcolor="#FFFFCC"><tr><td>&nbsp;</td><td> <p><span class="cssPgTitle"><b>Authentifizierung erforderlich</b></span></p> <p>FŸr den Zugriff auf diese Website benštigt ein <b>Webproxy</b> eine weitere Authentifizierung. </p> <p>Geben Sie Ihren Benutzernamen und das Kennwort fŸr diese Webseite ein.</p>
<table border="0" cellpadding="2" cellspacing="2">     <tr>         <td><img border="0" src="/dana-cached/imgs/space.gif" width="32" height="1"></td>         <td>Site:</td>         <td bgcolor="#FFFF99"><div style="padding:2px">IP</td>     </tr>     <tr>         <td><img border="0" src="/dana-cached/imgs/space.gif" width="32" height="1"></td>
        <td>Benutzername:</td>         <td><input type="text" name="username" size="20"></td>     </tr>     <tr>         <td>&nbsp;</td>         <td>Kennwort:</td>         <td><input type="password" name="password" size="20"></td>     </tr>    <tr>
        <td>&nbsp;</td>         <td>Domain:</td>         <td><input type="text" name="userDomain" value="DOMAIN" size="20"></td>     </tr>    <tr>         <td>&nbsp;</td>         <td>&nbsp;</td>         <td>&nbsp;</td>     </tr>
    <tr>         <td>&nbsp;</td>         <td>&nbsp;</td>                 <td>                     <input type="submit" value="Weiter" name="action">                     <input type="button" value=" Abbrechen " name="cancelBtn" onclick="history.go(-1)">                 </td>     </tr> </table>
<td>&nbsp;</td></td></tr></table> </td></tr></table> </blockquote> </form><!-- Copyright 2001-2010 Juniper Networks, Inc. All rights reserved. -->
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Respected Contributor

Re: Webproxy SSO - Form POST?

Unfortunately web proxy authentication is not supported through the rewriter.

From the release notes:

The Web Proxy feature may only be configured for HTTP and HTTPS requests. When the Web Proxy feature is enabled, administrators should make sure to turn off HTTP proxy authentication (407-based) on the Web proxy. SA does not respond to 407-based authentication challenges from the Web proxy.

View solution in original post

6 REPLIES 6
Highlighted
Regular Contributor

Re: Webproxy SSO - Form POST?

Step 1 of any SSO config is to figure out what your backend authentication schema is and then configure a corresponding SSO scheme  on the SA. Only if your backend auth is configured for Form based Auth can you configure the SA to do Form POST based SSO.

 

*Typically* web proxy related authentication happens using either Basic Auth, NTLM or Kerberos Authentication schemes. And the 'proxy Authentication required' http return code is typically 407.

 

If you can figure out which scheme  your proxy uses and also change the http return code to 401 then you can configure a corresponding SSO scheme on the SA.

Highlighted
Contributor

Re: Webproxy SSO - Form POST?

Thanks for the informations.

Our proxy is using NTLM Auth. and the return code is 407.

Do you have an example how to configure the SA SSO scheme?

Highlighted
Regular Contributor

Re: Webproxy SSO - Form POST?

Don't have a document handy however if you use the 'help' link from admin UI to bring up the product admin guide and then use the search option using the string 'NTLM SSO' then you will find detailed config steps in there for NTLM SSO scheme.

Highlighted
Respected Contributor

Re: Webproxy SSO - Form POST?

Unfortunately web proxy authentication is not supported through the rewriter.

From the release notes:

The Web Proxy feature may only be configured for HTTP and HTTPS requests. When the Web Proxy feature is enabled, administrators should make sure to turn off HTTP proxy authentication (407-based) on the Web proxy. SA does not respond to 407-based authentication challenges from the Web proxy.

View solution in original post

Contributor

Re: Webproxy SSO - Form POST?

thanks for these infos!

Highlighted
Respected Contributor

Re: Webproxy SSO - Form POST?

You are welcome; hope it helps!