Feb 10

User Storage in StoneGate SSL VPN

Hints and Tips, SSL VPN

When designing a system that allows secure, authenticated access to corporate applications, the major questions (headaches?) are:

  • how do I reach the existing user repositories?
  • what if I need a new one alongside them?
  • what if I need access to multiple repositories?
  • which user information can I use?
  • what about grouping?

StoneGate SSL VPN provides a flexible and powerful answer to these questions, and this article gives some useful details.

First, let’s look more closely at what a user storage is and why it is useful.
A user storage is an external location where user accounts are kept; the Policy Service queries it as part of the authorization process.

In StoneGate SSL VPN you can define multiple user storages of different types, either using one of the predefined supported types (MS Active Directory, OpenLDAP, Novell eDirectory, IBM RACF) or configuring a customized one.

This article shows how easy, quick and flexible it is to define an external OpenLDAP directory as a user storage.

Once defined, a user storage lets you link user profiles, define access rules based on group membership, use user attributes for Single Sign On, and perform numerous other operations in StoneGate SSL VPN.

After setting up an OpenLDAP instance on an Ubuntu 8.10 system, I recorded the video below to show you the “less than two minutes” process.


The video is also available at higher resolution here.

Now, let’s look at some examples of how the information in a user storage can be used:

  • Define user property groups, and reference them in access rules
  • Define user location groups, and reference them in access rules
  • Configure user profile attributes in Federated ID assertions
  • Use user attributes as variables in notification channel definitions, for example for mail and SMS based messages
  • Define user profile attributes (for example, sAMAccountName) in the Single Sign On domain configuration
  • Automatic user definition through the linking process (in the Administrator interface, click Manage Accounts and Storage, then User Linking in the left-hand menu)
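To make the lookup, group-membership rule and attribute reuse above concrete, here is an added, self-contained emulation of what a Policy Service does with an OpenLDAP user storage. It is example code written for this article, not StoneGate code or configuration: the LDIF content, the DNs, the vpn-users group and the search filter are constructed assumptions. It parses the directory, answers a login lookup with the filter a user storage would send, enforces a group-based access rule, and returns the profile attributes (uid, mail, mobile) that an SSO domain or a notification channel would consume.

```python
# Added example, not from the original post or from StoneGate: emulates a
# Policy Service consulting an OpenLDAP user storage. The directory content,
# DNs, group name and filter below are constructed assumptions.
import re

# Constructed sample directory in LDIF form: two people, one group.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: alice
cn: Alice Example
sn: Example
mail: alice@example.com
mobile: +390000000001

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: inetOrgPerson
uid: bob
cn: Bob Example
sn: Example
mail: bob@example.com

dn: cn=vpn-users,ou=Groups,dc=example,dc=com
objectClass: groupOfNames
cn: vpn-users
member: uid=alice,ou=People,dc=example,dc=com
"""

# Assumed group that an access rule requires (not a StoneGate default).
VPN_GROUP_DN = "cn=vpn-users,ou=Groups,dc=example,dc=com"


def parse_ldif(text):
    """Parse minimal LDIF into {dn: {attr: [values]}}.

    Folded lines (a leading space continues the previous line) are unfolded
    and comments are skipped; base64 ("::") values are not needed here.
    """
    entries = {}
    text = re.sub(r"\n ", "", text)
    for block in text.strip().split("\n\n"):
        dn, attrs = None, {}
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, value = line.partition(":")
            value = value.strip()
            if name.lower() == "dn":
                dn = value
            else:
                attrs.setdefault(name.lower(), []).append(value)
        if dn:
            entries[dn] = attrs
    return entries


def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside an LDAP search filter.
    Without it, a login name like 'alice)(uid=*' rewrites the filter."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value
    )


def user_filter(username):
    """Filter a user storage would send to OpenLDAP to locate a login."""
    return "(&(objectClass=inetOrgPerson)(uid=%s))" % escape_filter_value(username)


def find_user(directory, username):
    """Emulate the server's answer to user_filter(): exact uid match on an
    inetOrgPerson entry, returned as (dn, attrs), or None."""
    for dn, attrs in directory.items():
        classes = [c.lower() for c in attrs.get("objectclass", [])]
        if "inetorgperson" in classes and attrs.get("uid") == [username]:
            return dn, attrs
    return None


def is_member(directory, user_dn, group_dn):
    """Group-membership check against a groupOfNames entry's member values."""
    group = directory.get(group_dn)
    return group is not None and user_dn in group.get("member", [])


def authorize(directory, username, required_group_dn):
    """Access rule: the user must exist in the storage and be in the group.
    On success return the attributes an SSO domain or notification channel
    would use; otherwise None."""
    hit = find_user(directory, username)
    if hit is None:
        return None
    user_dn, attrs = hit
    if not is_member(directory, user_dn, required_group_dn):
        return None
    return {
        "uid": attrs["uid"][0],
        "mail": attrs.get("mail", [None])[0],
        "mobile": attrs.get("mobile", [None])[0],
    }


if __name__ == "__main__":
    directory = parse_ldif(SAMPLE_LDIF)
    for name in ("alice", "bob", "carol"):
        print(name, "->", authorize(directory, name, VPN_GROUP_DN))
    print(user_filter("alice)(uid=*"))
```

Running it shows alice (a vpn-users member) getting her uid, mail and mobile back, bob (present in the storage but not in the group) and carol (absent) being refused, and the crafted login name coming out as a harmless escaped filter value. Two points carry over to a real deployment: the value the user types is always escaped before it reaches the search filter, and the account the gateway binds with to read the directory should be read-only and connect over LDAPS or StartTLS, since the user storage is consulted on every authorization decision.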

Defining a user storage is a great way to reference existing user repositories and use them as the basis for flexible and powerful secure access to corporate applications.

Enjoy!

written by RoarinPenguin
