Hi All,
I need to configure my firewall to identify users using Kerberos for single sign on without an use of an explicit proxy. I was only able to find articles with Kerberos authentication with explicit proxy.
My Device : FG-401F
OS Version : 7.0.15
Thank you !...
Solved! Go to Solution.
Hi Sadhi,
You have to have a proxy feature enabled to help intercept the layer 7 handling for the Kerberos authentication since Kerebros is a layer 7 protocol. You may resort to FSSO, local auth using Captive portal but if you want to leverage Kerberos then proxy feature has to be enabled and to my knowledge, this is vendor independent and its the way Kerberos requires the underlay mechanism. With the proxy only, FortiGate can inspect and intercept the HTTP headers and negotiate the Kerberos ticket exchange. You may refer to the below docs to consider using transparent proxy in your device and RFC for a detailed read about Kerberos auth.
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/15908/transparent-proxy
https://datatracker.ietf.org/doc/html/rfc4120
Thanks,
Hi Sadhi,
You have to have a proxy feature enabled to help intercept the layer 7 handling for the Kerberos authentication since Kerebros is a layer 7 protocol. You may resort to FSSO, local auth using Captive portal but if you want to leverage Kerberos then proxy feature has to be enabled and to my knowledge, this is vendor independent and its the way Kerberos requires the underlay mechanism. With the proxy only, FortiGate can inspect and intercept the HTTP headers and negotiate the Kerberos ticket exchange. You may refer to the below docs to consider using transparent proxy in your device and RFC for a detailed read about Kerberos auth.
https://docs.fortinet.com/document/fortigate/7.6.0/administration-guide/15908/transparent-proxy
https://datatracker.ietf.org/doc/html/rfc4120
Thanks,
Created on 10-11-2024 11:04 AM Edited on 10-11-2024 11:04 AM
Thank You Atul. Information noted !..
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.