Table of Contents
Advertisement
Key server address: Enter the Pubcookie key server IP address.
5.
Port: Enter port on which the Pubcookie key server is communicating.
6.
The default value is 2222.
7.
BSC SSL client certificate: Select the digital certificate to use to validate cookies from
the login server from the drop-down menu.
Trusted CA certificates: Add the trusted certificate authority certificate(s) the BSC is to
8.
use from the Available CA certificates list.
Note: See "Digital Certificates" on page 10-20 for information about uploading
digital certificates to the BSC.
Accounting
To enable RADIUS accounting for this server, select the name of the external RADIUS
accounting server from the Accounting server drop-down list.
See "RADIUS Accounting" on page 7-1 to configure a new RADIUS accounting server for
selection in the drop-down list.
Alternatively, you can select the Create... option to open a window that enables you to
configure a new RADIUS accounting server. After you save the server information, you
are returned to the New Pubcookie server page where you can select the RADIUS
accounting server from the drop-down list.
Mapping
1.
Define the rules to determine if the user is authenticated.For each rule:
Pubcookie
a)
attributes to
b)
roles
c)
d)
2.
Optional. Use the commands included in the Row Management drop-down list to
change the order of rules, add new blank rules, clear rule data, or delete a rule, etc.
Remember, the BSC evaluates rules in the order in which they are listed here on the
New Pubcookie server page.
3.
Select the default user role from the Default role drop-down list. The selected default
role is the role the BSC assigns the user if none of rules is true.
Alternatively, select an LDAP/Active Directory authentication server from the Using
LDAP/Active Directory Server drop-down list to resume rules checking using the rules
configured for the selected LDAP/Active Directory authentication server.
Location
Optional. Specify the user location from which the Pubcookie authentication request must
originate by selecting a defined user location from the drop-down menu. If a user location
is specified, the authentication request will not be attempted if the request does not come
from that location.
Notes
Optional. Enter a meaningful description for the external Pubcookie authentication server.
Saving the
Click Save to store the information to the BSC database or Save and create another to
settings
continue to define external Kerberos authentication servers.
BlueSecure™ Controller Setup and Administration Guide
Enter the appropriate Pubcookie attribute in the Attribute field.
Select the appropriate logic operator (equal to, not equal to, starts with, ends
with, contains, or [is a role]) from the Logic drop-down list.
Enter the appropriate value to check against the specified attribute in the Value
field.
Select the role to assign to the user if the rule evaluates as true and the user is
authenticated from the Role drop-down list.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to
define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New... option to open a window that
enables you to define a new role. After you save the role information, you are
returned to the New Pubcookie server page where you can select the role from
the drop-down list.
Pubcookie Authentication
6-29
Advertisement
Table of Contents
