| General > Kerberos tab |
| Enable Kerberos SSO | Select the Enable Kerberos SSO check box to enable Kerberos SSO. |
| General > Kerberos > Realm Definition > New Realm Definition |
| Realm | Enter the Kerberos realm name. For example, enter http://www.kerber.net. The device uses kerber.net to obtain the list of key distribution centers (KDCs). |
| Site Name | Enter the Active Directory site names. Use this field to have the device contact the KDC at a specific site. For example, if site name is Sunnyvale and realm is http://www.kerber.net, then the device uses Sunnyvale.KERBER.NET to get the list of KDCs. Note: The Active Directory must have the sites defined and DNS must be configured to return the KDCs in the site. |
| Pattern | Enter the hostnames mapped to the Kerberos realm. You can enter wildcard characters such as *.y.com, *.kerber.net, or *.*. |
| KDC | Enter the hostname or IP address of the KDCs if DNS is unavailable or if you want the device to contact a specific KDC for tickets. If you enter a KDC, the device does not use DNS to obtain the list of KDCs based on the values entered in the Site Name and Realm boxes. |
| General > Kerberos > Constrained Delegation > Constrained Delegation > New Constrained Delegation |
| Label | Enter a name to uniquely identify the constrained delegation. No external mapping is made to the label value. |
| Realm | Select the realm to use. The drop-down list is populated by values in the Realm box. |
| Principal Account | Enter the constrained delegation account. The device obtains the constrained delegation tickets with the value you enter on behalf of the user. |
| Password | Enter the constrained delegation account password. |
| Service List | Select the service list to use. The list should be an exact match with the service list in Active Directory if you want the device to perform constrained delegation for all the services. Hostnames must be an exact match. |
| General > Kerberos > Constrained Delegation > Constrained Delegation Services List > New Constrained Delegation Service List |
| Id | Enter a unique identification number for the constrained delegation service list. |
| Name | Enter a name for the constrained delegation service list. |
| Services | Enter the service list name. |
| General > Kerberos > Kerberos Intermediation > Kerberos Intermediation > New Kerberos Intermediation |
| Label | Enter a name to uniquely identify the Kerberos Intermediation. No external mapping is made to the label value. |
| Realm | Select the realm to use. The drop-down list is populated by values in the Realm box. |
| Credential Type | Select one of the following options from the drop-down list:
- System: Specifies the set of user credentials, such as primary and secondary authorization credentials, stored in the device. If you select this option, you do not need to enter the username and password.
- Variable: Allows tokens such as username and password to be used in the Username and Password boxes.
- Static: Specifies the username and password exactly as they are entered in the Username and Password boxes. |
| Username | Enter the account username. |
| Password | Enter the account password. |
| Variable Password | Enter the password token if you select Variable as the credential type. |
| General > NTLM |
| Enable NTLM SSO | Select the Enable NTLM SSO check box to enable NTLM SSO. If you do not enter any configuration information, the device attempts to figure out the domain from the hostname and performs SSO using the system credentials. |
| Fallback to NTLM V1 | Select the Fallback to NTLM V1 check box to fall back to NTLMv1 if Kerberos fails. If you do not select this option and Kerberos SSO fails, an intermediation page appears. |
| General > NTLM > NTLM Intermediation > New NTLM Intermediation |
| Label | Enter a name to uniquely identify the NTLM intermediation. No external mapping is made to the label value. |
| Domain | Enter the Active Directory domain name. |
| Credential Type | Select one of the following options from the drop-down list:
- System: Specifies the set of user credentials, such as primary and secondary authorization credentials, stored in the device. If you select this option, you do not need to enter the username and password.
- Variable: Allows tokens such as username and password to be used in the Username and Password boxes.
- Static: Specifies the username and password exactly as they are entered in the Username and Password boxes. |
| Username | Enter the account username. If you select Variable as the credential type, you can enter the username token. |
| Password | Enter an account password. |
| Variable Password | Enter the password token if you select Variable as the credential type. |
| General > Basic Authentication |
| Enable Basic Authentication SSO | Select the Enable Basic Authentication SSO check box to enable basic authentication SSO. |
| General > Basic Authentication > Basic Auth Intermediation > New Basic Auth Intermediation |
| Label | Enter a name to uniquely identify the basic authentication intermediation. No external mapping is made to the label value. |
| Credential Type | Select one of the following options from the drop-down list:
- System: Specifies the set of user credentials, such as primary and secondary authorization credentials, stored in the device. If you select this option, you do not need to enter the username and password.
- Variable: Allows tokens such as username and password to be used in the Username and Password boxes.
- Static: Specifies the username and password exactly as they are entered in the Username and Password boxes. |
| Username | Enter the account username. If you select Variable as the credential type, you can enter the username token. |
| Password | Enter an account password. |
| Variable Password | Enter the password token if you select Variable as the credential type. |
| Pattern | Enter the hostnames mapped to the Kerberos realm. You can enter wildcard characters, such as *.y.com, *.kerber.net, or *.*. |
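
The Realm Definition fields (Realm, Site Name, Pattern, KDC) interact: Pattern decides which realm a hostname maps to, and a KDC entry replaces the DNS lookup built from Site Name and Realm. The Python model below is an added example, not vendor code; it assumes glob-style, case-insensitive matching with the most specific pattern winning, and the realms Y.COM and FALLBACK.EXAMPLE and the host kdc1.y.com are constructed sample values.

```python
from dataclasses import dataclass, field
from fnmatch import fnmatchcase

@dataclass
class RealmDefinition:
    realm: str                                # Realm box
    patterns: list                            # Pattern box entries
    site: str = ""                            # Site Name box (optional)
    kdcs: list = field(default_factory=list)  # KDC box (optional)

def literal_chars(pattern):
    """Specificity score: number of non-wildcard characters."""
    return len(pattern.replace("*", ""))

def match_realm(hostname, definitions):
    """Return (definition, pattern) for the most specific match, or None."""
    host = hostname.lower()
    hits = [(literal_chars(p), d, p)
            for d in definitions for p in d.patterns
            if fnmatchcase(host, p.lower())]  # assumed glob semantics
    if not hits:
        return None
    _, d, p = max(hits, key=lambda h: h[0])
    return d, p

def kdc_source(defn):
    """A KDC entry overrides DNS; otherwise give the name used for lookup."""
    if defn.kdcs:
        return ("static", list(defn.kdcs))
    realm = defn.realm.upper()
    name = f"{defn.site}.{realm}" if defn.site else realm
    return ("dns", name)

def catch_all_patterns(definitions):
    """Patterns made only of wildcards and dots (such as *.*) to review."""
    return [(d.realm, p) for d in definitions for p in d.patterns
            if not p.replace("*", "").replace(".", "")]

# Constructed sample realm definitions
SAMPLE = [
    RealmDefinition("KERBER.NET", ["*.kerber.net"], site="Sunnyvale"),
    RealmDefinition("Y.COM", ["*.y.com"], kdcs=["kdc1.y.com"]),
    RealmDefinition("FALLBACK.EXAMPLE", ["*.*"]),
]
```

Running `catch_all_patterns` over an exported configuration shows which realm definitions apply to every dotted hostname, which is worth reviewing before enabling SSO.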