Today I was talking with a customer interested in verifying this option offered by StoneGate SSL VPN to protect a web resource… and I thought I would document it here, especially the part related to Windows configuration.
The whole idea behind Windows Integrated Login (WIL) is that a backend web server, Internet Information Server for example, protects a web path with this technique.
When a browser attempts to reach the protected path, the web server sends back an authentication challenge. The browser answers with credentials taken from the Windows environment, so users already authenticated to a given domain get access without being prompted.
Other users have to enter credentials in a popup window, and get an HTTP 401 – Unauthorized if validation fails.
Configuring a virtual web server or a path as protected with WIL on Windows 2003 Internet Information Server is fairly easy.
First, open the IIS Manager console to browse the various settings available.
Right-click the virtual web server you’re interested in and select Properties. Click on the Directory Security tab as shown below:
Uncheck Enable anonymous access and check Integrated Windows Authentication.
Then apply the changes to IIS and, if needed, restart the service.
To configure Windows Integrated Login on StoneGate SSL VPN, open the Administrator interface, click on Manage System and then on Authentication Methods.
Add an authentication method of Windows Integrated Login type, give it a name, click on Add Authentication Method Server… and fill in the values as detailed below:
- Host => the IP address of the protected web server where Windows Integrated Login is active
- Port => the port the web server is listening on
- Path => this should match the path on the web server where WIL is activated. If the whole web server is enabled for WIL, then type a forward slash (“/”) in this field.
- Optionally, it is possible to enable SSL communication and to select the CA used to validate the server certificate.
Finally, create the web resource you need to access using the WIL authentication method.
Save configuration and Publish.
To test, access the application portal and select the Windows Integrated Login authentication method. If the domain you are in does not match the credentials that the authentication method server expects, you will be prompted to enter a username and password in a popup window. WIL authentication is then handled automatically when you click on the resource you want to access.
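Before testing through the portal, the backend can be checked directly: a request sent without credentials to a WIL-protected path should come back as 401 with a Negotiate and/or NTLM challenge, while a 2xx reply means anonymous access is still enabled. The script below is an added example, not part of StoneGate or IIS; the function names and the sample responses are constructed for illustration, and probe() takes the same Host, Port, Path and SSL/CA values entered for the authentication method server.

```python
import http.client
import ssl

WIL_SCHEMES = {"negotiate", "ntlm"}  # schemes IIS offers for Integrated Windows Authentication

def classify(status, www_authenticate):
    """Classify the reply to a request sent WITHOUT credentials."""
    schemes = {v.split()[0].lower() for v in www_authenticate if v.strip()}
    if status == 401 and schemes & WIL_SCHEMES:
        extra = sorted(schemes - WIL_SCHEMES)
        return "wil-plus-" + ",".join(extra) if extra else "wil-enforced"
    if status == 401:
        return "401-without-wil"      # protected, but not by Integrated Windows Authentication
    if 200 <= status < 300:
        return "anonymous-allowed"    # "Enable anonymous access" is still in effect
    return "unexpected-%d" % status

def parse_raw(raw):
    """Extract (status, [WWW-Authenticate values]) from raw response text."""
    head = raw.split("\r\n\r\n", 1)[0].split("\r\n")
    status = int(head[0].split()[1])
    values = [h.split(":", 1)[1].strip() for h in head[1:]
              if h.lower().startswith("www-authenticate:")]
    return status, values

def probe(host, port, path="/", use_ssl=False, cafile=None):
    """Live check; arguments mirror the Host, Port, Path and SSL/CA fields."""
    if use_ssl:
        ctx = ssl.create_default_context(cafile=cafile)  # validates the server certificate
        conn = http.client.HTTPSConnection(host, port, timeout=10, context=ctx)
    else:
        conn = http.client.HTTPConnection(host, port, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return classify(resp.status, resp.headers.get_all("WWW-Authenticate") or [])
    finally:
        conn.close()

# Constructed sample responses (not captured from a real server)
SAMPLE_PROTECTED = ("HTTP/1.1 401 Unauthorized\r\nWWW-Authenticate: Negotiate\r\n"
                    "WWW-Authenticate: NTLM\r\nContent-Length: 0\r\n\r\n")
SAMPLE_ANONYMOUS = "HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"

if __name__ == "__main__":
    for name, raw in (("protected", SAMPLE_PROTECTED), ("anonymous", SAMPLE_ANONYMOUS)):
        print(name, "->", classify(*parse_raw(raw)))
```

A result of wil-plus-basic means another scheme is enabled on the same path alongside Integrated Windows Authentication, which is worth reviewing on the Directory Security tab.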
Secure access to applications with SSL VPN and Windows Integrated Login. Simplified!