Dec 12

SSL-VPN: How to link Authentication Method and Application to Device Definition

Hints and Tips, SSL VPN -
1 Star2 Stars3 Stars4 Stars5 Stars (3 votes, average: 5.00 out of 5)
Loading ... Loading ...
Add comments

In StoneGate SSL VPN it is possible to link a device defnition to a specific authentication method, and in turn to a specific application.

The use case could be of a link we want to insert in customer website that should take advantage of StoneGate SSL VPN Authentication and in case of successful authentication it should start directly an application without displaying the SSL VPN Application Portal.

To implement this, we need first to define a Device Definition, meaning a way to recognize a calling entity.

To define a device, from top menu select Manage System then from left side menu select Device Definition.

Click on Add Device Definition to add your own. The following window appears:

device definition

Fill in display name with a mnemonic name… in this example we’ll use RoarinDevice.

Definition should contain whatever part of the HTTP header useful to identify that caller.

It could be the browser type, host, etc.

Suppose that we defined for a given partner a URL for our SSL VPN like http://formyRoarinPartner.stonesoft.com. This will be filled in Definition as follows:

device definition-filled

If you use Firefox, there is very useful plugin called Tamperdata to help you finding this "header information".

Now that we have defined the Device, we have to tell the system to like directly an authentication method and an application in case of successful authentication.

This is done by selecting from top menu Manage Resource Access, then from left side menu Global Resource Settings and finally tab Client access.

In this page, click on Add Device Settings. Following window appears:

Device Settings

From Device drop down menu, select the device RoarinDevice we just defined

Then fill in the two relevant field Default Page, that will contain the Authentication Method direct link, and the Welcome Page, that will contain the link to resource stripped from the initial part of the URL.

For instance, to point to resource called /http/Test%20Web%20Server/ using StoneGate Web Authentication the settings are:

Default Page ==> /wa/auth?authmech=StoneGate%20Web

Welcome Page ==> /http/Test%20Web%20Server/

Don’t forget to apply changes by clicking on Publish on top right part of the page!

written by RoarinPenguin - 1,468 views \\ tags: , ,

Leave a Reply

You must be logged in to post a comment.