search cancel

Preventing popups with guest authentication using IWA direct in transparent deployment on the ProxySG

book

Article ID: 165783

calendar_today

Updated On:

Products

Advanced Secure Gateway Software - ASG ProxySG Software - SGOS

Issue/Introduction

You want to enable guest authentication on your network and don’t want users to have to enter their credentials via a web browser popup.

Resolution

  1. Configure IWA Direct per the Proxy Authentication Guide
  2. Modify the virtual URL in your IWA General setting to cfauth1.yourdomain.com.  In this example the proxy is joined to DraperSupport.local

  3. Create a static DNS entry for cfauth1 pointing to the SG.

  4. Add http://cfauth1.yourdomain.com to local intranet sites in IE on your domain PC's.  You can also push this via Group policy

  5. Modify your existing Web Authentication layer.  Create a new combined Action Object.  Create a new Permit Authentication Error Object.  Select the Selected errors radio button.  Check the All except User Credentials Required checkbox.  Add both the new Permit Auth Error object & your normal authentication object to the combined object.

     

  6. Create a 2nd Web Authentication Layer.  Create a new user authentication error source object.  Select the any errors radio button.
  7. Create a new Authenticate Guest Action Object.  Enter a Guest Username.  Choose your IWA direct realm from the drop down.  Select Use realm's surrogate refresh time.  Leave Mode blank.
  8. Install the policy and apply all changes.
  9. Now your non domain PC's should show up as Guest & your domain PC's show up like normal.

Attachments