Table13:RADIUSRoleMappingAttributes (continued)
Description
Attribute
UsingtheCalling-Station-IdandCalled-Station-Id
RADIUSattributes,authorizationandsubsequent
tunnelattributescanbebasedonthephonenumber
originatingthecall,orthenumberbeingcalled.
Telephone-number
TheactiontheNASshouldtakewhenthespecified
serviceiscompleted.
Termination-Action
Indicatestothetunnelinitiatortheparticulartunnelto
whichasessionistobeassigned.
Tunnel-Assignment-ID
Specifiesthenameusedbythetunnelinitiatorduring
theauthenticationphaseoftunnelestablishment.
Tunnel-Client-Auth-ID
Containstheaddressoftheinitiatorendofthetunnel.
Tunnel-Client-Endpoint
Markstherejectionoftheestablishmentofanewlink
inanexistingtunnel.
Tunnel-Link-Reject
Marksthecreationofatunnellink.
Tunnel-Link-Start
Marksthedestructionofatunnellink.
Tunnel-Link-Stop
Thetransportmediumtousewhencreatingatunnel
forthoseprotocols(suchasL2TP)thatcanoperate
overmultipletransports.
Tunnel-Medium-Type
Thetransportmediumtousewhencreatingatunnel
forthoseprotocols(suchasL2TP)thatcanoperate
overmultipletransports.
Tunnel-Medium-Type
Apasswordtobeusedtoauthenticatetoaremote
server.
Tunnel-Password
IftheRADIUSserverreturnsmorethanonesetof
tunnelingattributestothetunnelinitiator,youshould
includethisattributeineachsettoindicatetherelative
preferenceassignedtoeachtunnel.
Tunnel-Preference
ThegroupIDforaparticulartunneledsession.
Tunnel-Private-Group-ID
Markstherejectionoftheestablishmentofatunnel
withanothernode.
Tunnel-Reject
Specifiesthenameusedbythetunnelterminator
duringtheauthenticationphaseoftunnel
establishment.
Tunnel-Server-Auth-ID
Theaddressoftheserverendofthetunnel.
Tunnel-Server-Endpoint
185
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
Change font size pdf document - Compress reduce PDF size in C#.net, ASP.NET, MVC, Ajax, WinForms, WPF
C# Code & .NET API to Compress & Decompress PDF Document
best way to compress pdf; change font size in pdf
Change font size pdf document - VB.NET PDF File Compress Library: Compress reduce PDF size in vb.net, ASP.NET, MVC, Ajax, WinForms, WPF
VB.NET PDF Document Compression and Decompression Control SDK
best pdf compressor online; change paper size pdf
Table13:RADIUSRoleMappingAttributes (continued)
Description
Attribute
Markstheestablishmentofatunnelwithanothernode.
Tunnel-Start
Marksthedestructionofatunneltoorfromanother
node.
Tunnel-Stop
Thetunnelingprotocol(s)tobeused(inthecaseofa
tunnelinitiator)orthetunnelingprotocolinuse(inthe
caseofatunnelterminator).
Tunnel-Type
Thenameoftheusertobeauthenticated.
User-Name
Thepasswordoftheusertobeauthenticated,orthe
user'sinputfollowinganAccess-Challenge.
User-Password
Related
Documentation
ConfiguringaRADIUSServerInstanceonpage170
GeneralRADIUSNotes
Pleasenotethefollowingissues.
UnderstandingClusteringIssues
AccountingmessagesaresenttotheRADIUSserverbyeachclusternodewithout
consolidation.RADIUSaccountingontheInfranetControllerfollowstheseassumptions:
Iftheclusterisactive/passive,allusersareconnectedtoonenodeatatime.
Iftheclusterisactive/activeanddoesnotuseabalancer,usersareconnectedto
differentnodesbutarestatic.
Iftheclusterisactive/activeandusesabalancer,thebalancerusuallyenforcesa
persistentsourceIP.Inthiscase,usersarealwaysconnectedtothesamenode.
TheInfranetControllerdoesnotsupportloadbalancingforRADIUS.
UnderstandingtheInterimUpdateFeature
Ifyouwantaservertoreceiveinterimaccountingmessages,youcanstaticallyconfigure
aninterimvalueontheclient,inwhichcase,thelocally-configuredvalueoverridesany
valuethatmightbeincludedintheRADIUSAccess-Acceptmessage.
Theoctetcountreportedintheaccountingmessagesisthecumulativetotalsincethe
beginningoftheusersession.
Theinterimupdatebytecountisonlysupportedbasedonausersession,notonSAMor
NCsessions.
Theminimuminterimupdateintervalis15minutes.Thedatastatistics(bytesinand
bytesout)forRADIUSAccountingmaynotbesentforaJ-SAM/W-SAM/NCsessionif
Copyright©2012,JuniperNetworks,Inc.
186
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF insert text Library: insert text into PDF content in C#.net
Powerful .NET PDF edit control allows modify existing scanned PDF text. Ability to change text font, color, size and location and output a new PDF document.
pdf compressor; pdf compress
C# PDF Annotate Library: Draw, edit PDF annotation, markups in C#.
Able to edit and change PDF annotation properties such as font size or color. Abilities to draw markups on PDF document or stamp on PDF file.
adjust size of pdf file; change paper size in pdf document
thesessionislessthanfiveminuteslongandtheapplicationskeeptheconnectionsopen
allthetime.
Related
Documentation
ConfiguringaRADIUSServerInstanceonpage170
eTrustSiteMinderOverview
WhenyouconfiguretheSASeriesSSLVPNAppliancetoauthenticateuserswithan
eTrustSiteMinderpolicyserver,theSASeriesSSLVPNAppliancepassestheuser’s
credentialstoSiteMinderduringauthentication.OnceSiteMinderreceivesthecredentials,
itmayusestandardusernameandpasswordauthentication,ACESecurIDtokens,or
clientsidecertificatestoauthenticatethecredentials.
TheSASeriesSSLVPNAppliancealsopassesaprotectedresourceURLtoSiteMinder
duringauthenticationinordertodeterminewhichSiteMinderrealmitshoulduseto
authenticatetheuser.WhentheSASeriesSSLVPNAppliancepassestheprotected
resourceURL,SiteMinderauthorizestheuser’sURLagainsttherealmthatisassociated
withtheresourceandallowstheusertoseamlesslyaccessanyresourceswhose
protectionlevelsareequaltoorlessthantheresourcetheSASeriesSSLVPNAppliance
passed.
TheSASeriesSSLVPNApplianceenablessinglesign-on(SSO)fromSecureAccessto
SiteMinder-protectedresourcesusingSMSESSIONcookies.ASMSESSIONcookieisa
securitytokenthatencapsulatesSiteMindersessioninformation.Dependingonyour
configuration,eithertheSiteMinderWebagentortheSASeriesSSLVPNAppliance
createsaSMSESSIONcookieandthenpoststhecookietothefollowinglocationsso
theuserdoesnothavetore-authenticateifhewantstoaccessadditionalresources:
TheIVE:IftheusertriestoaccessaSiteMinderresourcefromwithinhisSASeries
session(forexample,fromtheSASeriesSSLVPNAppliancefilebrowsingpage),the
SASeriesSSLVPNAppliancepassesitscachedSMSESSIONcookietotheWebagent
forauthentication.
Theuser’sWebbrowser:IftheusertriestoaccessaSiteMinderresourcefromoutside
ofhisSASeriessession(forexample,whenusingaprotectedresourceonastandard
agent),SiteMinderusesthecachedSMSESSIONcookiestoredintheuser’sWeb
browsertoauthenticate/authorizetheuser.
IfyouenabletheAutomaticSign-InoptiontheSASeriesSSLVPNAppliancecanusean
SMSESSIONcookiegeneratedbyanotheragenttoenablesinglesign-onfromaSiteMinder
resourcetotheSASeriesSSLVPNAppliance.WhenauseraccessestheSASeriessign-in
pagewithanSMSESSIONcookie,theSASeriesSSLVPNApplianceverifiesthe
SMSESSIONcookie.Uponsuccessfulverification,theSASeriesSSLVPNAppliance
establishesanSASeriessessionfortheuser.Youcanusethefollowingauthentication
mechanismswhenyouenableautomaticsign-inthroughtheSASeriesSSLVPN
Appliance:
Customagent:TheSASeriesSSLVPNApplianceauthenticatestheuseragainstthe
policyserverandgeneratesaSMSESSIONcookie.Whenyouselectthisoption,you
canenableSSOonotherSiteMinderagentsthatusethesamepolicyserver.Toenable
187
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
C# PDF Sticky Note Library: add, delete, update PDF note in C#.net
Able to change font size in PDF comment box. Note is a necessary feature in PDF annotation, which bring users quick and efficient working with PDF Document.
change font size fillable pdf; can a pdf file be compressed
C# PDF Convert to Word SDK: Convert PDF to Word library in C#.net
target PDF document, keeps the elements (like images, tables and chats) of original PDF file and maintains the original text style (including font, size, color
best pdf compressor; change page size pdf acrobat
SSOontheseagents,updateeachofthemtoacceptthirdpartycookiesIfyouselect
thisoptionandtheuserentershisSASeriessessionwithanSMSESSIONcookie,The
SASeriesSSLVPNApplianceattemptsautomaticsign-inwhentheuserentersthe
SASeriessession.
HTMLformpost:TheSASeriesSSLVPNAppliancepostscredentialstoastandard
Webagentthatyouhavealreadyconfigured.TheWebagentthencreatesSMSESSION
cookies.Ifyouselectthisoption,youcannotuseSecurIDNewPinandNextToken
modesorclient-sidecertificateauthentication.Ifyouselectthisoptionandtheuser
entershisSASeriessessionwithanSMSESSIONcookie,theSASeriesSSLVPN
Applianceattemptsautomaticsign-inwhentheuserenterstheSASeriessession.
Delegatedauthentication:TheSASeriesSSLVPNAppliancedelegatesauthentication
toastandardagent.Ifthisoptionisenabled,theSASeriesSSLVPNAppliancetries
todeterminetheFCCURLassociatedwiththeprotectedresource.TheSASeriesSSL
VPNAppliancethenredirectstheusertotheFCCURLwiththeSASeriessign-inURL
astheTARGET.Uponsuccessfulauthentication,theuserisredirectedbacktotheSA
SeriesSSLVPNAppliancewithanSMSESSIONcookieandtheSASeriesSSLVPN
Appliancedoesanautomaticsign-infortheuser.
Copyright©2012,JuniperNetworks,Inc.
188
JunosPulseSecureAccessServiceAdministrationGuide
C# PDF Field Edit Library: insert, delete, update pdf form field
A best C#.NET PDF document SDK library for PDF form field Able to add text field to specified PDF file position in C# Support to change font size in PDF form.
pdf change font size; batch pdf compression
C# PDF: Use C# Code to Add Watermark to PDF Document
into your C#.NET class application, developers can easily add a transparent watermark with desired font color, size and position onto target PDF document page.
compress pdf; pdf page size may not be reduced
NOTE:
Atthetimeofthisprinting,JuniperNetworkssupportseTrustSiteMinder
serverversion6.0andversion5.5withstandardagentversions6and
5QMR5.Ifyourunolderagentsthanthesupportedagents,youmay
experiencecookievalidationproblems,includingcrossedlogentriesand
intermittentusertimeouts.
YoucanchoosewhicheTrustSiteMinderserverversionyouwanttosupport
whenyoucreateaserverinstance.Youcanchooseversion5.5,which
supportsbothversions5.5and6.0,oryoucanchooseversion6.0,which
supportsonlyversion6.0.ThereisnodifferenceintheSiteMinder
authenticationserverfunctionalitybasedonwhichversionyouselect.This
optiononlycontrolstheversionoftheNetegritySDKtouse.Werecommend
youmatchthecompatibilitymodewiththeversionofthePolicyServer.
WhenyouuseSiteMindertoauthenticate,theprimaryandbackuppolicy
serversmustrunthesameSiteMinderserversoftwareversion.Amixed
deployment(wheretheprimaryserverrunsadifferentserversoftware
versionthanthebackup)isnotsupported.
SiteMinderdoesnotstoretheIPaddressintheSMSESSIONcookie,and
thereforecannotpassittotheSASeriesSSLVPNAppliance.
SiteMindersendstheSMSESSIONcookietotheSASeriesSSLVPN
Applianceasapersistentcookie.Tomaximizesecurity,theSASeriesSSL
VPNApplianceresetsthepersistentcookieasasessioncookieonce
authenticationiscomplete.
WhenyouuseSiteMindertoauthenticate,theSASeriesSSLVPNAppliance
disregardsanySASeriessessionandidletimeoutsandusessessionand
idletimeoutssetthroughtheSiteMinderrealminstead.
WhenyouuseSiteMindertoauthenticate,usersmustaccesstheSASeries
SSLVPNApplianceusingafully-qualifieddomainname.Thisisbecause
theSiteMinderSMSESSIONcookieisonlysentforthedomainforwhichit
isconfigured.IfusersaccesstheSASeriesSSLVPNApplianceusinganIP
address,theymayreceiveanauthenticationfailureandwillbeprompted
toauthenticateagain.
TheSASeriesSSLVPNAppliancelogsanySiteMindererrorcodesonthe
System>Log/Monitoring>UserAccesspage.Forinformationonthe
SiteMindererrorcodes,seetheSiteMinderdocumentation.
189
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
Generate Barcodes in Web Image Viewer| Online Tutorials
Select "Generate" to process barcode generation; Change Barcode Properties. Select "Font" to choose human-readable text font style, color, size and effects;
change font size in pdf text box; 300 dpi pdf file size
VB.NET Image: Visual Basic .NET Guide to Draw Text on Image in .
Please note that you can change some of the example, you can adjust the text font, font size, font type (regular LoadImage) Dim DrawFont As New Font("Arial", 16
change file size of pdf document; adjust pdf size
AuthenticationUsingVariousAuthenticationSchemes
WithinSiteMinder,anauthenticationschemeisawaytocollectusercredentialsand
determinetheidentityofauser.Youmaycreatedifferentauthenticationschemesand
associatedifferentprotectionlevelswitheach.Forexample,youmaycreatetwo
schemes—onethatauthenticatesusersbasedsolelyontheusers’client-sidecertificates
andprovidesthemalowprotectionlevel,andasecondthatusesACESecurIDtoken
authenticationandprovidesusersahigherprotectionlevel.TheSASeriesSSLVPN
ApplianceworkswiththefollowingtypesofSiteMinderauthenticationschemes:
Basicusernameandpasswordauthentication—Theuser’snameandpasswordare
passedtotheSiteMinderpolicyserver.Thepolicyservermaythenauthenticatethem
itselforpassittoanotherserverforauthentication.
ACESecurIDtokenauthentication—TheSiteMinderpolicyserverauthenticatesusers
basedonausernameandpasswordgeneratedbyanACESecurIDtoken.
Client-sidecertificateauthentication—TheSiteMinderpolicyserverauthenticates
usersbasedontheirclient-sidecertificatecredentials.Ifyouchoosethisauthentication
method,theWebbrowserdisplaysalistofclientcertificatesfromwhichuserscan
select.
NOTE:
Ifyouchoosetoauthenticateuserswiththismethod,youmustimportthe
clientcertificateintotheSASeriesSSLVPNAppliancethroughtheSystem
>Certificates>TrustedClientCAstab.
IfyoudonotwanttodisplaythestandardSASeriessigninpagetousers,
youmaychangeitusingthecustomizablesign-inpagesfeature.Formore
information,seetheCustomSign-InPagesSolutionGuide.
SiteMinderclient-sidecertificateauthenticationisseparatefromSASeries
client-sidecertificateauthentication.Ifyouchooseboth,theSASeriesSSL
VPNAppliancefirstauthenticatesusingtheSASeriesconfiguration
parameters.Ifthissucceeds,itthenpassescertificatevaluestoSiteMinder
forauthentication.
DeterminingtheUsername
Withtheavailabilityofdifferentauthenticationschemesandsign-inpoints,theSASeries
SSLVPNAppliancemayobtainausernamefromvarioussources,suchasapolicyserver
header,certificateattribute,orfromtheSASeriessign-inpage.Listedbelowarethe
variousmethodsausermayemploytoaccesstheSASeriesSSLVPNApplianceand
howtheSASeriesSSLVPNAppliancedeterminestheusernameforeach.Whenauser:
SignsinthroughthestandardSASeriessign-inpage—TheSASeriesSSLVPN
AppliancefirstcheckstheusernamethatthepolicyserverreturnedinitsOnAuthAccept
responseheader.IfSiteMinderdoesnotdefineausername,theSASeriesSSLVPN
Applianceusesthenamethattheuserenteredduringsign-in.Otherwise,ifneither
Copyright©2012,JuniperNetworks,Inc.
190
JunosPulseSecureAccessServiceAdministrationGuide
SiteMindernortheuserprovideausernamebecausetheuserauthenticatesusinga
clientcertificate,theSASeriesSSLVPNApplianceusestheUserDNvaluesetbythe
policyserver.
AutomaticallysignsintotheSASeriesSSLVPNApplianceusingSiteMinder
credentials—TheSASeriesSSLVPNAppliancefirstcheckstheusernamethatthe
policyserverreturnedinitsOnAuthAcceptresponseheader.IfSiteMinderdoesnot
defineausername,theSASeriesSSLVPNAppliancecheckstheSMSESSIONcookie.
Otherwise,ifSiteMinderdoesnotpopulatetheresponseheaderorSMSESSIONcookie
withausername,theSASeriesSSLVPNAppliancecheckstheUserDNvalueinthe
SMSESSIONcookie.
OncetheSASeriesSSLVPNAppliancedetermineswhichusernametouse,itsavesitin
itssessioncacheandreferencesitwhenauserwantstoaccessadditionalresources.
ToconsistentlyreturnthecorrectusernametotheSASeriesSSLVPNAppliance,you
shouldconfiguretheOnAuthAcceptresponseontheSiteMinderpolicyserver.
Related
Documentation
ConfiguringSecureAccesstoWorkwithSiteMinder
CreatingaRule/ResponsePairtoPassUsernamestotheSecureAccessServiceon
page196
CreatingaSiteMinderRealmfortheSecureAccessServiceonpage195
CreatingaSiteMinderDomainfortheSecureAccessServiceonpage195
CreatingaSiteMinderAuthenticationSchemefortheSecureAccessServiceonpage193
ConfiguringtheSiteMinderAgentonpage192
ConfiguringSiteMindertoWorkwiththeSecureAccessServiceonpage191
ConfiguringSiteMindertoWorkwiththeSASeriesSSLVPNAppliance
ThefollowingstepsarerequiredtoconfigureaSiteMinderpolicyservertoworkwiththe
SASeriesSSLVPNAppliance.ThesearenotcompleteSiteMinderconfiguration
instructions—theyareonlyintendedtohelpyoumakeSiteMinderworkwiththeSASeries
SSLVPNAppliance.Forin-depthSiteMinderconfigurationinformation,refertothe
documentationprovidedwithyourSiteMinderpolicyserver.
ConfiguretheSiteMinderAgent.
CreateaSiteMinderauthenticationschemefortheSASeriesSSLVPNAppliance.
CreateaSiteMinderdomainfortheSASeriesSSLVPNAppliance.
CreateaSiteMinderrealmfortheSASeriesSSLVPNAppliance.
CreateaRule/ResponsepairtopassusernamestotheSASeriesSSLVPNAppliance.
CreateaSiteMinderPolicyunderthedomain.
Related
Documentation
eTrustSiteMinderOverviewonpage187
ConfiguringtheSiteMinderAgentonpage192
191
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
CreatingaSiteMinderAuthenticationSchemefortheSecureAccessServiceonpage193
CreatingaSiteMinderDomainfortheSecureAccessServiceonpage195
CreatingaSiteMinderRealmfortheSecureAccessServiceonpage195
CreatingaRule/ResponsePairtoPassUsernamestotheSecureAccessServiceon
page196
ConfiguringSecureAccesstoWorkwithSiteMinder
ConfiguringtheSiteMinderAgent
ASiteMinderagentfiltersuserrequeststoenforceaccesscontrols.Forinstance,when
auserrequestsaprotectedresource,theagentpromptstheuserforcredentialsbased
onanauthenticationscheme,andsendsthecredentialstoaSiteMinderpolicyserver.A
WebagentissimplyanagentthatworkswithaWebserver.WhenconfiguringSiteMinder
toworkwiththeSASeriesSSLVPNAppliance,youmustconfiguretheSASeriesSSL
VPNApplianceasaWebagentinmostcases.
NOTE:
IfyouselecttheDelegateauthenticationtoastandardagentoption,you
mustsetthefollowingoptionsintheagentconfigurationobjectofthe
standardWebagenthosttheFCCURL:
<EncryptAgentName=no>
<FCCCompatMode=no>
ToconfiguretheSASeriesSSLVPNApplianceasaWebagentontheSiteMinderpolicy
server:
1.
IntheSiteMinderAdministrationinterface,choosetheSystemtab.
2.
Right-clickonAgentsandchooseCreateAgent.
3.
EnteranamefortheWebagentand(optionally)adescription.Notethatyouneed
toenterthisnamewhencreatingaSiteMinderrealm.
4.
YoumustselecttheSupport5.xagentsoptionforcompatibilitywiththeSASeries
SSLVPNAppliance.
5.
UnderAgentType,selectSiteMinderandthenselectWebAgentfromthedrop-down
list.YoumustselectthissettingforcompatibilitywiththeSASeriesSSLVPN
Appliance.
6.
UnderIPAddressorHostName,enterthenameorIPaddressoftheSASeriesSSL
VPNAppliance.
7.
IntheSharedSecretfield,enterandconfirmasecretfortheWebagent.Notethat
youneedtoenterthissecretwhenconfiguringtheSASeriesSSLVPNAppliance.
8.
ClickOK.
Copyright©2012,JuniperNetworks,Inc.
192
JunosPulseSecureAccessServiceAdministrationGuide
Related
Documentation
eTrustSiteMinderOverviewonpage187
ConfiguringSiteMindertoWorkwiththeSecureAccessServiceonpage191
CreatingaSiteMinderAuthenticationSchemefortheSecureAccessServiceonpage193
CreatingaSiteMinderDomainfortheSecureAccessServiceonpage195
CreatingaSiteMinderRealmfortheSecureAccessServiceonpage195
CreatingaRule/ResponsePairtoPassUsernamestotheSecureAccessServiceon
page196
ConfiguringSecureAccesstoWorkwithSiteMinder
CreatingaSiteMinderAuthenticationSchemefortheSASeriesSSLVPNAppliance
WithinSiteMinder,anauthenticationschemeprovidesawaytocollectcredentialsand
determinetheidentityofauser.
ToconfigureaSiteMinderauthenticationschemefortheSASeriesSSLVPNAppliance:
1.
IntheSiteMinderAdministrationinterface,choosetheSystemtab.
2.
Right-clickonAuthenticationSchemesandchooseCreateAuthenticationScheme.
3.
Enteranamefortheschemeand(optionally)adescription.Notethatyouneedto
enterthisnamewhenconfiguringtheSiteMinderrealm.
4.
UnderAuthenticationSchemeType,selectoneofthefollowingoptions:
BasicTemplate
HTMLFormTemplate
SecurIDHTMLFormTemplate(IfyouareusingSecurIDauthentication,youmust
chooseSecurIDHTMLFormTemplate(insteadofSecurIDTemplate).Choosing
thisoptionenablesthePolicyServertosendACEsign-infailurecodestotheSA
SeriesSSLVPNAppliance).
X509ClientCertTemplate
X509ClientCertandBasicAuthentication
NOTE:
TheSASeriesSSLVPNApplianceonlysupportstheauthentication
schemetypeslistedhere.
YoumustselectHTMLFormTemplateifyouwanttheSASeries
Appliancetohandlere-authentication.
IfyouselectX509ClientCertTemplateorX509ClientCertandBasic
Authentication,youmustimportthecertificateintotheSASeriesSSL
VPNAppliancethroughtheSystem>Certificates>TrustedClientCAs
tab.
193
Copyright©2012,JuniperNetworks,Inc.
Chapter8:AuthenticationandDirectoryServers
5.
Enteraprotectionlevelforthescheme.Notethatthisprotectionlevelcarriesoverto
theSiteMinderrealmthatyouassociatewiththisscheme.
6.
SelectthePasswordPoliciesEnabledforthisAuthenticationSchemeifyouwant
toreauthenticateuserswhorequestresourceswithahigherprotectionlevelthanthey
areauthorizedtoaccess.
7.
IntheSchemeSetuptab,entertheoptionsrequiredbyyourauthenticationscheme
type.
IfyouwanttheSASeriesSSLVPNAppliancetore-authenticateuserswhorequest
resourceswithahigherprotectionlevelthantheyareauthorizedtoaccess,youmust
enterthefollowingsettings:
UnderServerName,entertheSASeriesSSLVPNAppliancehostname(forexample,
sales.yourcompany.net).
SelecttheUseSSLConnectioncheckbox.
UnderTarget,entertheSASeriesAppliancesign-inURLdefinedinthisstep’sfirst
bulletplustheparameter“ive=1”(forexample,/highproturl?ive=1).(TheSASeries
SSLVPNAppliancemusthaveasign-inpolicythatuses*/highproturlasthesign-in
URLandonlyusesthecorrespondingSiteMinderauthenticationrealm.)
NOTE: Whenyousavechanges,ive=1disappearsfromthetarget.This
isOK.Thepolicyserverincludesive=1inthefullauthenticationscheme
URLthatitsendstotheSASeriesSSLVPNAppliance,asyoucansee
intheintheParameterfieldoftheAdvancedtab.
De-selecttheAllowFormAuthenticationSchemetoSaveCredentialscheckbox.
LeaveAdditionalAttributeListempty.
8.
ClickOK.
IfyouchangeaSiteMinderauthenticationschemeonthepolicyserver,youmustflush
thecacheusingtheFlushCacheoptionontheAdvancedtab.
Related
Documentation
ConfiguringSecureAccesstoWorkwithSiteMinder
CreatingaRule/ResponsePairtoPassUsernamestotheSecureAccessServiceon
page196
CreatingaSiteMinderRealmfortheSecureAccessServiceonpage195
CreatingaSiteMinderDomainfortheSecureAccessServiceonpage195
ConfiguringtheSiteMinderAgentonpage192
ConfiguringSiteMindertoWorkwiththeSecureAccessServiceonpage191
eTrustSiteMinderOverviewonpage187
Copyright©2012,JuniperNetworks,Inc.
194
JunosPulseSecureAccessServiceAdministrationGuide
Documents you may be interested
Documents you may be interested