FortiWeb
ubarlas
Staff
Article Id 258760

Description

 

This article describes how to configure the site publish policy to delegate HTTP basic authentication.

 

Scope

 

FortiWeb.

 

Solution

 

The site publish feature adds an authentication layer in front of applications and also allows authentication to be offloaded from the application servers. In this article, the application is configured to authenticate clients with HTTP basic authentication. FortiWeb authenticates the client with HTML form authentication and then delegates the credentials to the application using HTTP basic authentication.

Configuration:

 

Configure a remote server to authenticate users. In this article, an LDAP server is used. (For more information, see https://docs.fortinet.com/document/fortiweb/7.2.2/administration-guide/467409/offloading-http-authen....)

 

Navigate to User -> Remote Server -> LDAP Server.

 


 

Navigate to Application Delivery -> Site Publish and configure the Site Publish Rule.

 


 

Create a site publish policy that references the site publish rule. Then, select the site publish policy in the related web protection profile.

 

Before configuration:

 

The application itself tries to authenticate the user, so the browser displays an HTTP basic authentication prompt.

 


 

After configuration:

 

FortiWeb sends its own authentication form to the user.

 


 

 

After form-based authentication, FortiWeb adds an Authorization header carrying the provided credentials in HTTP basic format to the request it forwards to the application.

 


 

 

Troubleshooting

 

Log in to the CLI and enable the debug (to enable logging of the session, see https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-create-a-log-file-of-a-session-usin...):

 

diagnose debug application site-publish 7

diagnose debug enable

 

Clear the cache and cookies and try to authenticate again, then disable the debug.

 

diagnose debug disable
