ADTRAN BlueSecure Controller Setup And Administration Manual page 130

Software release version: 6.5

Chapter 6: Authentication Using External Servers
Displaying the New Cosign server page
1. Click the User authentication tab in the BSC administrator console.
2. Select External Cosign Authentication from the Create drop-down list on the User authentication page.
The New Cosign server page appears as shown in Figure 6-10.
Enable server
The Enable checkbox is marked by default to make the server available for user authentication.
Name
Enter a meaningful name for the external Cosign authentication server.
Precedence
Select a priority from the drop-down list.
Cosign server settings
1. Cosign login only (Optional): Mark this checkbox to present users with the Cosign login screen. Leave this option unchecked to present users with a customized login screen.
2. Service name: Enter a descriptive service name for the Cosign server.
3. Redirect URL: Enter the redirect URL for the Cosign server.
4. Error Redirect URL: Enter the error redirect URL for the Cosign server.
5. Logout URL (Optional): Enter the complete logout URL for the Cosign server.
6. Check Client IP Address? (Optional): Mark this checkbox to verify user addresses. Leave this option unchecked if you are running NAT on the BSC.
7. Server address: Enter the Cosign server's IP address or DNS name.
8. Port: Enter the port number on which the Cosign server communicates. The default value is 6663.
9. BSC SSL client certificate: Select the digital certificate the BSC is to present to SSL clients for mutual authentication from the drop-down menu.
10. Trusted CA certificates: Add the trusted certificate authority certificate(s) the BSC is to use from the Available CA certificates list.
Note: See "Digital Certificates" on page 10-20 for information about uploading digital certificates to the BSC.
Accounting
To enable RADIUS accounting for this server, select the name of the external RADIUS
accounting server from the Accounting server drop-down list.
See "RADIUS Accounting" on page 7-1 to configure a new RADIUS accounting server for
selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you to
configure a new RADIUS accounting server. After you save the server information, you
are returned to the New Cosign server page where you can select the RADIUS
accounting server from the drop-down list.
Mapping Cosign attributes to roles
1. Define the rules to determine if the user is authenticated. For each rule:
a) Enter the appropriate Cosign attribute in the Attribute field.
b) Select the appropriate logic operator (equal to, not equal to, starts with, ends with, contains, or [is a role]) from the Logic drop-down list.
c) Enter the appropriate value to check against the specified attribute in the Value field.
d) Select the role to assign to the user if the rule evaluates as true and the user is authenticated from the Role drop-down list.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to define a new role available for selection in the drop-down list.
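
Added example (not from the ADTRAN manual or the BSC software): a small model of the attribute/logic/value/role rules above, useful for checking a planned rule set for overly broad matches before entering it. It assumes rules are checked in listed order with the first true rule assigning the role; the attribute names, values and role names are constructed, and the [is a role] operator is left out because this page does not define it.

```python
# Added example, not ADTRAN code. Assumptions: rules are checked in the order
# listed and the first true rule assigns its role; attribute names, values and
# role names below are constructed.
OPERATORS = {
    "equal to": lambda actual, value: actual == value,
    "not equal to": lambda actual, value: actual != value,
    "starts with": lambda actual, value: actual.startswith(value),
    "ends with": lambda actual, value: actual.endswith(value),
    "contains": lambda actual, value: value in actual,
}

def assign_role(rules, attributes):
    """Return the role of the first rule that evaluates true, else None."""
    for attribute, logic, value, role in rules:
        actual = attributes.get(attribute)
        # Assumption: a rule on an attribute the user lacks never matches.
        if actual is not None and OPERATORS[logic](actual, value):
            return role
    return None

def audit_rules(rules):
    """List (rule number, reason) for rules that match more than they appear to."""
    findings = []
    for number, (attribute, logic, value, role) in enumerate(rules, start=1):
        if logic == "not equal to":
            findings.append((number, f"every other {attribute} value gets role {role}"))
        elif logic in ("starts with", "ends with", "contains"):
            findings.append((number, f"partial match on {value!r} gets role {role}"))
    return findings

# Constructed rule sets: (Attribute, Logic, Value, Role)
LOOSE_RULES = [
    ("realm", "contains", "EXAMPLE.EDU", "Staff"),
    ("realm", "not equal to", "GUEST.EXAMPLE.EDU", "Student"),
]
STRICT_RULES = [
    ("realm", "equal to", "EXAMPLE.EDU", "Staff"),
    ("realm", "equal to", "STUDENT.EXAMPLE.EDU", "Student"),
]

# Constructed user whose realm merely embeds the trusted string.
LOOKALIKE = {"user": "mallory", "realm": "EXAMPLE.EDU.PARTNER.TEST"}

if __name__ == "__main__":
    print("loose :", assign_role(LOOSE_RULES, LOOKALIKE))    # Staff
    print("strict:", assign_role(STRICT_RULES, LOOKALIKE))   # None
    for number, reason in audit_rules(LOOSE_RULES):
        print(f"review rule {number}: {reason}")
```

Under these assumptions, the partial-match and "not equal to" operators are the ones to review: they assign a role to values the administrator never listed.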
