Products
Solutions
Partners
Support
Company
Try Now
Pulse Secure Community
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
since ‎10-29-2017
‎10-29-2017
udo_
New Contributor

Re: Comparing variables from certificate with loca...

by in Pulse Connect Secure
‎06-03-2012 11:25:PM
‎06-03-2012 11:25:PM
Hi, after some testing together with JTAC, i have now more insight and an solution, that i wanted to share with you. To make sure that we are talking about the same, i wanted to glue a userid/pw that should be sent to a Win AD to some valaues of a user cert. in order to make sure that for company ABC every employee has to use their own cert and userid+pw rather than any mix of the above. insights: - not all cert variables are available for comparisons at any stage. Auth Policy: - only the "main" attribute values from the DN text are available at the pre-signin level (Users -> User Realm -> <NAME> -> Auth Policy -> Certificates -> Restrictions - At the aforemention level you can only check for the content of a variable , like O= ABC - but comparing two arbitrary variable's values does not work. User Role mapping: - here the comparison of two arbitrary variable's does work in general. - only a subset of variables can not be compared for whatever reason (for example, given your WinAD login name is [email protected], then your SA username would contain "firstname.lastname". The comparison of <certAttr.altName.Emailid> != <USERNAME> does not work, but here a explanation is missing why. - another rolemapping rule of the kind of "if certIssuer.DN != "ABC User CA" then don't do a role map. works just nicely at the rolemapping level. Solution: - create 2 auth servers: - primary: local cert server - 2ndary: Win AD, with userid field preset with <certAttr.altname.EmailID> and password to be specified at login page. Now this works, if the lefthand values of an users emailaddress does exist in the Win AD as a user AND their password do match on the WinAD. I do further checks on the rolemapping level: "if <certIssuerDN.CN != "My Company User CA" then no role map works quite nicely now. Thanks for your answers, i appreciate them. ... View more

Comparing variables from certificate with local or...

by in Pulse Connect Secure
‎05-29-2012 05:09:AM
‎05-29-2012 05:09:AM
Hi, i am trying to use 2factor authentication for user access to a SSL VPN. The two factors should be: - user SSL certifcate - userid/pw with local server or Win AD One of the goals is to glue the certificate with the user credentials to make sure that a user only can login to the VPN with their own userid/pw but not for example with their own uid+pw and their collegues cert. Let's assume the login name is firstname.lastname The user presents the certificate, where the variable certAttr.altName.Emailid contains also firstname.lastname. Now i tried to only use one Auth Server (Win AD) in this setup and checked both at Users -> Realm <NAME> -> Auth Policy -> Certificates or Users -> Realm <Name> -> Role Mapping -> Testrule to do something like this: if certAttr.altName.Emailid != <USERNAME> then reject. but that does not work. I suspect it is not possible to compare the contants of any arbitrary variables. Does anyone have ideas on that? thanks and regards Udo ... View more

Secure Meeting SMTP settings problems

by in Pulse Connect Secure
‎01-02-2010 02:52:AM
‎01-02-2010 02:52:AM
Hi, I am trying to configure an SA2500 running version 6.3R4 to send out meeting invitations for Secure meeting. Under the menu System -> Configuration -> SecureMeeting I have added the following values: SMTP-Server: IP of an Server that is reachable via the internal interface SMTP-User: empty SMTP-password: empty SMTP-Email: meeting email alias I have ticked to enable box. and tried to save the config. Nevertheless the system answers with the error message "Error SMTP Server unknown" Even adding an Alias for that server IP to the hosts tab under Configuration -> Network does not help. What did i miss to configure ? Or what do i additionally need to configure ? every help is appreciated. thanks and cheers Udo ... View more
Latest Tags
No tags yet
© 2017 Pulse Secure, LLC. Use of this website assumes acceptance of our Legal Notices and Privacy Policy. Pulse Secure has updated its Privacy Policy effective June 28, 2017.