Forcing Unified Agent to request credentials via Captive Portal

Article ID: 171455

Updated On:

Products

Web Security Service - WSS

Issue/Introduction

By definition, challenge-based authentication displays a credential dialog to users each time they open a web browser. Users must enter their corporate network username and password into the dialog and click Accept before performing web content requests. In this context, this feature is also commonly referred to as Captive Portal.

Under certain circumstances, we need to force the Unified Agent to request authentication instead of relying on automatic detection. This behavior is useful for remote users who need to validate their credentials with Web Security Service and whose workstations are not part of Active Directory. In that way, we can enforce any policy declared in Web Security Service for these users. This configuration forces every Unified Agent to request a username and password in all circumstances. If the Unified Agent goes into passive mode, this behavior is bypassed and the credentials are not requested.

 

Environment

Auth Connector must be configured and running successfully. Your Active Directory must be synchronized with the Portal in order to validate the username and password.

The Unified Agent status cannot be "passive mode". This means that it cannot be running behind a protected location that uses another Web Security Service access method (Firewall VPN, Explicit Proxy, etc.).

Resolution

  1. In Service mode, select Mobility > Unified Agent.

  2. To enforce accurate user credentials rather than rely on locally cached credentials, select Enable Captive Portal for remote users (using Unified Agent). This option requires the deployment of the Auth Connector application, which integrates with your Active Directory to provide username and group information.

  3. For the change to be detected on the customer's workstation, restart the Unified Agent tunnel. Credentials must be entered as DOMAIN/username and password, or simply as username and password.

 
