Hello dear forum community,
I am quite new to FortiWeb and therefore ask for some indulgence.
I have set up access via LDAPS to the AD.
Access to a simple website using server pool and virtual server.
What I need is the following:
Access to a web application with an upstream login page via Reverse Authentication and LDAP user/group.
Once the login is done, the login to the web application should be done automatically.
How can I create my own "upstream" web pages for reverse authentication?
Under System - Config - Replacement Messages I found something, but I can't edit any of the preset pages like the login page.
If someone has a simple example, that would be great.
wrbgrds TBC
PS: Greetings from Germany
Hello and welcome to the forum,
Your question covers different aspects that you'll need to put together in sequence.
HTTP authentication is a bit limited for your needs, so go for Site Publishing directly.
One possible sequence could be:
1- Define (and test) your LDAP auth scheme.
User -> Remote Server -> LDAP server. (For AD, Fortinet recommends 3269 or 636 as Server Port to transmit user credentials.)
2- Define an authentication server pool (Application Delivery -> Site Publish -> Authentication Server Pool) and add the LDAP server defined in 1).
3- Application Delivery -> Site Publish -> Site Publish Rule
Everything is adjusted here according to your specific web application (path, URLs, auth delegation -or not- to HTML form, etc.).
As with many things in FortiWeb, to be able to use a rule, you have to put it in a policy.
So, define a site publishing policy and include your defined site publishing rule(s) in it.
4- Then, you can use the site publishing policy in your web protection profile
(Policy -> Web Protection Profile -> Inline Protection Profile -> (your Web prot prof) -> Applic Delivery -> Site Publish)
5- Finally, that web protection profile is applied in the relevant Server Policy publishing your application.
There are some other adjustments to take into consideration, such as importing certificates if you want to use (as said) LDAPS, session management enabled, etc., but in general terms, this sequence could be a way to do it.
Best regards
regards
/ Abel
Hello Abelio,
Many, many thanks for helping!
Step 3 was the one I was missing; after configuring that, authentication of an AD user was possible!
There is one more open issue on that:
What do I need to do to have a login page instead of a login popup?
As I wrote before, editing System - Config - Replacement Messages is not possible. I am using the admin user for that.
What I would like to do is something like this:
Is that possible?
Many, many thanks!!!
Have a good start to the week
greetings TBC
Hello @All,
We have found out how we can modify our own login page by double-clicking the login page.
We have also generated our new login page under "System/Config/Replacement Message" based on a template.
Under "Policy/Server Policy" we added the "Replacement Message".
But if we open the URL we only get the login popup.
What are we doing wrong?
Is there anything else that we need to do?
Many thanks
TBC
Is there no one who can help?
Many thanks
TBC
Copyright 2024 Fortinet, Inc. All Rights Reserved.