Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Creating Identity Management Profiles

    Use the Create Identity Management Profile page to create a JIMS profile and to obtain user identities.

    To create an identity management profile:

    1. Select Configure > User Firewall Management > Identity Management Profile.

      The Identity Management Profile page appears.

    2. Click the + sign.

      The Create Identity Management Profile page appears.

    3. Complete the configuration by using the guidelines in Table 1.
    4. Click Finish.

    Table 1: Fields on the Create Identity Management Profile Page

    Field

    Description

    General Information

    Name

    Enter a unique string of alphanumeric characters, colons, periods, dashes, and underscores. Maximum length is 255 characters.

    Description

    Enter a description for the identity management profile; maximum length is 255 characters.

    General Information—Connection for Primary and Secondary Identity

    Connection Type

    Select the application protocol from the list used for the SRX Series device connection to Juniper Identity Management System (JIMS). You identify the connection protocol along with the configuration that identifies JIMS . The user query function allows the SRX Series device to request user authentication and identity information for an individual user from JIMS.

    • HTTP—Protocol that JIMS uses to connect to the SRX Series device.
    • HTTPS—Secure version of the protocol that JIMS uses to connect to the SRX Series device.

    If the connection type option is not configured, HTTPS is used by default.

    Port

    Select the connection port of the JIMS server, from the list. Default port number is 443. The range is 1 to 65535.

    Primary IP Address

    Enter a valid IPv4 address of the primary JIMS server.

    SRX Series devices always query the primary JIMS to obtain the user identities.

    Primary CA Certificate

    Enter the certificate of the primary JIMS server. The SRX Series device uses this certificate to verify the certificate of the JIMS server for the SSL connection that is used for the user query function. For example: ’/var/tmp/RADIUSServerCertificate.crt’

    When SRX Series device does not receive the information from JIMS through the Web API POST requests, user query enables the SRX Series device to query JIMS for authentication and identity information for an individual user.

    Secondary Identity

    Enable this option to use the secondary JIMS server as a fallback when the primary JIMS server fails. By default, this option is disabled.

    Secondary IP Address

    Enter a valid IPv4 address of the secondary JIMS server.

    The secondary JIMS is available as a fall back option with limited resources. Use the secondary JIMS when the HTTP GET query or number of queries to the primary JIMS fails.

    Secondary CA Certificate

    Enter the certificate of the secondary JIMS server. The SRX Series device uses this certificate to verify the JIMS server certificate for the SSL connection, used for the user query function.

    Token API

    Enter the token API used to generate the URL to acquire an access token. The token API is combined with the connection method and the IP address of JIMS to produce the complete URL used to acquire an access token.

    For example, if the token API is oauth, the connection method is HTTPS, and the IP address of JIMS is 192.0.2.199, the complete URL to acquire an access token would be https://192.0.2.199/api/oauth. This is a required parameter.

    The default token API is oauth_token/oauth.

    Query API

    Enter the query API to specify the path of the URL that the SRX Series device uses to query JIMS for an individual user. For the SRX Series device to be able to make a request, you must have configured the query API to obtain an access token.

    The SRX Series device generates the complete URL for the user query request by combining the query API string with the connection method (HTTP/HTTPS) and the JIMS IP address.

    Advanced Settings—Batch Query

    Items per Batch

    Enable this option to specify the maximum number of reports to include in the JIMS response. The minimum number of reports is 100.

    Query Interval

    Enable this option to configure the time interval, in seconds, for SRX Series devices to periodically query JIMS for the newly generated user identities.

    Advanced Settings—IP Query

    Query Delay Time

    Enter the time in seconds for the SRX Series device to delay before sending the individual IP queries to JIMS for authentication and identity information for individual users.

    After the delay timeout expires, the SRX Series device sends the query to JIMS and creates a pending entry for the user in the Routing Engine authentication table.

    Range: 0 through 60 seconds

    No IP Query

    Enable this option to disable the IP address query function that is enabled by default.

    Advanced Settings—Authentication Timeout

    Authentication Entry Timeout

    Enter the timeout interval after which, the idle entries in the JIMS authentication table expire. If a value of 0 is specified, the entries will never expire. Default is 60 minutes.

    The timeout interval begins when the user authentication entry is added to the JIMS authentication table.

    Assign Devices—Add Assign Devices

    Device Name

    Select the SRX Series device from the list for JIMS to send the report on user identities.

    Client ID

    Enter the client ID that the SRX Series device requires to obtain an access token for the JIMS user query function. The client ID must be consistent with the API client configured on JIMS.

    Client Secret

    Enter the client secret used with the client ID that the SRX Series device requires to obtain an access token. The client secret must be consistent with the API client configured on JIMS.

    Modified: 2017-06-11