Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TBC
Contributor

Create own Reverse Authenication WebSite front of WebApplication

Hello dear forum community,


I am quite new to Fortiweb and therefore ask for some indulgence.


Have set up access via LDAPs to the AD
Access to a simple website using server pool and virtual server.

 

What I need is the following:
Access to WebApplication with upstream login page via Reverse Authenication and LDAP user/group.
Once the login is done, the login to the web application should be done automatically.

How can I create my own "upstream" web pages for reverse authentication.

 

Under System - Config - Replaycement Messages I found something, but I can't edit any of the preset pages like the login page.

 

If someone has a simple example, that would be great

 

wrbgrds TBC

Ps. greetings from Germany

 

4 REPLIES 4
abelio
SuperUser
SuperUser

Hello and welcome to the forum,

your question covers different aspects you'll need put altogether sequentially ordered.

HTTP authentication is a bit limited for your needs, so go for Site Publishing directly.

 

One possible sequence could be:

 

1- Define  (and test ) your LDAP auth scheme.
  User -> Remote Server -> LDAP server.  ( for AD, Fortinet recommends 3269 or 636 as Server Port to user transmit credentials)

 

2-   Define an authentication server pool (Application Delivery -> Site Publish -> Authentication Server Pool) and add LDAP server defined in 1)

 

3- Application Delivery -> Site Publish -> Site Publish Rule
   Everything is adjusted here according to your specific web application (path, urls , auth delegation -or not- to html form etc)

As many things in fortiweb, to be able to use a rule, you have to put it in a policy.
So, define a site publishing policy and include in it your(s) site publishing defined rule(s).

4- Then, you can use site publishing policy in your web protection profile
    (Policy->Web Protection Profile -> Inline Protection Profile-> (your Web prot prof) ->Applic Delivery -> Site Publish)

 

5- Finally, that web protection profile is applied in the relevant Server Policy publishing your application.

 

There are some other adjusts to take in consideration, as importing certificates if you want to use (as said) LDAPs, session management enabled , etc,  but in general terms, this sequence could be a way to do it.

 

 

Best regards

 

 

 

regards




/ Abel

regards / Abel
TBC

Hello Abelio,

 

many many thnk's for helping!

Step 3. was that one i missing, after configure that, a authenication of AD-User was possible!

There is one more oben issue on that:

What i need to do to have a Login page instant of a login Popup.

As i worte before the editing of System - Config - Replaycement Messages is not posible. I using admin user for that.

TBC_0-1643632754098.png

What i like to to is something like this:

TBC_1-1643632978418.png

Is that one possible?

 

many many thank's!!!

Have good start in the week

greetings TBC

 

 

TBC
Contributor

Hello @All,

we have find out how we can modifiy our one login page by duubel click of login page.

We have also generate our new login page under "System/Config/Replacement Messagege" based on tamplate.

Under "Policy/Server Policy" we add the "Replacement Messagege"

TBC_0-1644240046358.png

 

But if we open the URL we only get the login Popup

TBC_1-1644240091067.png

What we doing wrong?

Is there anything else what we need to do?

 

Many thank's

TBC

 

TBC
Contributor

Is there no one how can help?

Many thank's

TBC

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors