New CLI commands to configure single sign-on (SSO) and local authentication for explicit proxy users
Configure the local and FSSO authentication schemes for the FortiGate explicit proxy
config authentication scheme
edit "local"
set method form
set require-tfa disable
set user-database "local" --> Local authentication
next
edit "fsso"
set method fsso --> Single sign-on (FSSO) scheme
next
end
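Configure the local and FSSO authentication rules for the FortiGate explicit proxy. Rule "2" applies only to the source address Ip_172.31.134.150 and uses the FSSO scheme, while rule "1" matches all sources and uses the local scheme. Both rules set ip-based enable, so an authenticated user is tracked by source IP address, and clients that share one address (for example behind NAT) are treated as the same user.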
config authentication rule
edit "2"
set status enable
set protocol http
set srcaddr "Ip_172.31.134.150"
set ip-based enable
set active-auth-method ''
set sso-auth-method "fsso" --> Uses the "fsso" single sign-on scheme
set comments ''
next
edit "1"
set status enable
set protocol http
set srcaddr "all"
set ip-based enable
set active-auth-method "local" --> Uses the "local" authentication scheme
set sso-auth-method ''
set comments ''
next
end
Configure the explicit proxy policies that apply to the authenticated user groups:
config firewall proxy-policy
edit 2
set uuid 2e80b2c6-283d-51e9-a17c-63e20afb33dc
set proxy explicit-web
set dstintf "port2"
set srcaddr "Ip_172.31.134.150"
set dstaddr "all"
set service "webproxy"
set action accept
set schedule "always"
set groups "FSSO_PROXY"
next
edit 1
set uuid bb042630-2566-51e9-2140-39bae534f3cf
set proxy explicit-web
set dstintf "port2"
set srcaddr "all"
set dstaddr "all"
set service "webproxy"
set action accept
set schedule "always"
set groups "SSO_Guest_Users"
set profile-protocol-options "test"
next