FortiGate
rpmadathil_FTNT
Description
This article explains how to integrate single sign-on and local authentication for explicit proxy users.
Solution

New CLI commands configure single sign-on and local authentication for explicit proxy users.

Configure the local and FSSO authentication schemes for the FortiGate explicit proxy. The "local" scheme provides local authentication against the "local" user database, and the "fsso" scheme provides single sign-on:

    config authentication scheme
        edit "local"
            set method form
            set require-tfa disable
            set user-database "local"
        next
        edit "fsso"
            set method fsso
        next
    end

Configure the local and FSSO authentication rules for the FortiGate explicit proxy. Rule "2" applies the single sign-on scheme through sso-auth-method, and rule "1" applies the local authentication scheme through active-auth-method:

    config authentication rule
        edit "2"
            set status enable
            set protocol http
            set srcaddr "Ip_172.31.134.150"
            set ip-based enable
            set active-auth-method ''
            set sso-auth-method "fsso"
            set comments ''
        next
        edit "1"
            set status enable
            set protocol http
            set srcaddr "all"
            set ip-based enable
            set active-auth-method "local"
            set sso-auth-method ''
            set comments ''
        next
    end

Configure the proxy policies:

    config firewall proxy-policy
        edit 2
            set uuid 2e80b2c6-283d-51e9-a17c-63e20afb33dc
            set proxy explicit-web
            set dstintf "port2"
            set srcaddr "Ip_172.31.134.150"
            set dstaddr "all"
            set service "webproxy"
            set action accept
            set schedule "always"
            set groups "FSSO_PROXY"
        next
        edit 1
            set uuid bb042630-2566-51e9-2140-39bae534f3cf
            set proxy explicit-web
            set dstintf "port2"
            set srcaddr "all"
            set dstaddr "all"
            set service "webproxy"
            set action accept
            set schedule "always"
            set groups "SSO_Guest_Users"
            set profile-protocol-options "test"
        next
    end
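A consistency check for the authentication scheme and rule sections above, as an added example that is not part of the original article or any Fortinet tooling: it parses the CLI text, confirms that each rule's active-auth-method and sso-auth-method name a defined scheme, and flags any rule placed after a srcaddr "all" rule. It assumes authentication rules are matched top-down with the first match winning and treats only the literal address "all" as a catch-all; SAMPLE is constructed from the article's configuration, and parse and audit are names chosen for this example.

```python
import shlex

# Constructed sample: scheme and rule sections abridged from the article.
SAMPLE = '''
config authentication scheme
    edit "local"
        set method form
    next
    edit "fsso"
        set method fsso
    next
end
config authentication rule
    edit "2"
        set srcaddr "Ip_172.31.134.150"
        set sso-auth-method "fsso"
    next
    edit "1"
        set srcaddr "all"
        set active-auth-method "local"
    next
end
'''

def parse(text):  # -> {section: [(entry, {option: [values]}), ...]} in file order
    sections, section, entry = {}, None, None
    for line in text.splitlines():
        words = shlex.split(line) or [""]
        if words[0] == "config":
            section = sections.setdefault(" ".join(words[1:]), [])
        elif words[0] == "edit":
            entry = {}
            section.append((words[1], entry))
        elif words[0] == "set":
            entry[words[1]] = words[2:]
    return sections

def audit(sections):  # undefined scheme references and rules hidden by a catch-all
    known = {name for name, _ in sections.get("authentication scheme", [])}
    findings, catch_all = [], None
    for name, rule in sections.get("authentication rule", []):
        refs = rule.get("active-auth-method", []) + rule.get("sso-auth-method", [])
        findings += [f"rule {name}: undefined scheme {r!r}" for r in refs if r and r not in known]
        if catch_all is not None:  # assumption: top-down evaluation, first match wins
            findings.append(f"rule {name}: shadowed by rule {catch_all} (srcaddr all)")
        elif "all" in rule.get("srcaddr", []):
            catch_all = name
    return findings

print(audit(parse(SAMPLE)) or "no findings")
```

With the article's ordering (rule "2" before rule "1") the audit reports nothing; reversing the two rules makes the FSSO rule unreachable behind the catch-all local rule.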

