Feb 16

The power of form-based Single Sign-On… in 8 steps


Today I’m proposing another tech dive into the beautiful world of Enterprise Single Sign-On, abbreviated as SSO or eSSO.

StoneGate SSL VPN supports SSO completely, allowing authenticated users to perform transparent login to web and legacy applications such as Remote Desktop, Telnet, SSH, File Share etc.

In a previous article we already mentioned the power of Adaptive SSO, while in this post I’ll cover another powerful and flexible SSO type: Form Based Single Sign-On.

While adaptive SSO tries to recognize the structure of a form in a web page, attempting to automagically map fields such as username, password or domain, form based SSO allows complete customization of the way SSL VPN should interact with the back-end form to fulfill even the most complex and awkward situations.

Form based SSO is configured in StoneGate SSL VPN within the resource it relates to, by marking the check box “Enable Single Sign-On”.
From the Single Sign-On Type drop-down menu, select Form based and then select the SSO Domain you want to use.

SSO Domains can be defined in Manage Resource Access > SSO Domains.

Once you select Form based, a new tab appears for configuring the form based attributes, explained below:

  1. First you can configure the logon form request method, choosing between GET or POST
  2. Second, you have to specify the Form Action URL. Please remember that this is the URL that the form points to.
    For example: let’s suppose the form is normally visible at http://mysite.mydomain.com/myform.html
    Once filled in, if you press the Submit button the data will be sent to http://mysite.mydomain.com/cgi-bin/formhandler.cgi
    This second one is the URL you have to type in Form Action URL field.
  3. Third, you define the form data you need to send.
    If your form has the username field named My-Username and the password field named Passwd, the method you selected is POST and you want to pass the variables $username and $password from the user session, then what you will type in this field will very probably be:
    My-Username=[$username]&Passwd=[$password]
    For additional info about the variables, refer to Online Help or to the Administrator’s Guide.
  4. Fourth, you can specify the SSO Credentials Encoding in case you need to use special characters.
  5. Fifth, in Verification URL you can insert a URL that the SSL VPN will request to verify whether the authentication succeeded. If no URL is inserted, it will evaluate the page returned by the form submission.
  6. Sixth, type a string that, if found within the page referenced in the previous step, indicates that authentication succeeded or failed (remember to mark which of the two is the case).
  7. Seventh, it is possible to define Additional Headers to be added to the request. Headers are specified in header name – header value pairs.
  8. Eighth, it is possible to add Client Request Headers to the request.
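
The following added example (not from the original post and not StoneGate code) models steps 3, 4 and 6 in Python: it fills the [$username] and [$password] placeholders, shows how a credential containing & or = is misread by the back end unless it is encoded, and applies the success/failure string check. The function names, the sample session values and the use of percent-encoding are assumptions made for illustration.

```python
import re
from urllib.parse import quote_plus, parse_qs

# Placeholder syntax taken from the post: [$username], [$password]
PLACEHOLDER = re.compile(r"\[\$(\w+)\]")

def render_form_data(template, session, encode=True):
    """Fill [$var] placeholders with session values (hypothetical helper)."""
    def substitute(match):
        value = session[match.group(1)]  # KeyError if the variable is undefined
        # Assumption: the back end expects application/x-www-form-urlencoded
        return quote_plus(value) if encode else value
    return PLACEHOLDER.sub(substitute, template)

def backend_view(body):
    """Fields a typical form handler would parse out of the request body."""
    return {k: v[0] for k, v in parse_qs(body, keep_blank_values=True).items()}

def login_succeeded(page, marker, marker_means_success):
    """Step 6: the marker string signals either success or failure."""
    found = marker in page
    return found if marker_means_success else not found

# Constructed sample data, not taken from any real system
TEMPLATE = "My-Username=[$username]&Passwd=[$password]"
SESSION = {"username": "alice", "password": "p&ss=w+rd%21"}

if __name__ == "__main__":
    raw = render_form_data(TEMPLATE, SESSION, encode=False)
    enc = render_form_data(TEMPLATE, SESSION, encode=True)
    # Unencoded: the password is cut at '&' and a stray field 'ss' appears
    print(raw, "->", backend_view(raw))
    # Encoded: the back end recovers the exact password
    print(enc, "->", backend_view(enc))
    # A failure marker found in the page means the logon did not succeed
    print(login_succeeded("<p>Invalid login</p>", "Invalid login", False))
```

If SSO works for most users but fails for a few, compare the field values the back end actually receives with the session values, as backend_view does here; a truncated password usually points to an encoding setting rather than a wrong credential.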

Once you are done with Form Based SSO, you can test with the form and script provided here.

written by RoarinPenguin
