iPass Client Authentication; Transparent Certificate Authentication - ADTRAN BlueSecure Controller Setup And Administration Manual

Software release version: 6.5

Chapter 6: Authentication Using External Servers
2. Optional. Use the commands included in the Row Management drop-down list to change the order of rules, add new blank rules, clear rule data, or delete a rule, etc. Remember, the BSC evaluates rules in the order in which they are listed here on the New CAS server page.
3. Select the default user role from the Default role drop-down list. The selected default role is the role the BSC assigns the user if none of the rules is true.
Alternatively, select an LDAP/Active Directory authentication server from the Using LDAP/Active Directory Server drop-down list to resume rules checking using the rules configured for the selected LDAP/Active Directory authentication server.

Location
Optional. Specify the user location from which the CAS authentication request must originate by selecting a defined user location from the drop-down menu. If a user location is specified, the authentication request will not be attempted if the request does not come from that location.

Notes
Optional. Enter a meaningful description for the external CAS authentication server.

Saving the settings
Click Save to store the information to the BSC database or Save and create another to continue to define external CAS authentication servers.
You may be prompted to restart the BSC. We recommend that you do not restart the BSC until you have completely finished configuring the BSC for use in your network.
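
The following added example (not ADTRAN code) models the behaviour described above: rules are checked in listed order, the first true rule assigns its role, the default role applies when none is true, and a request from outside a required location is not attempted. Exact-match comparison and all attribute, role and location names are assumptions made for the illustration; `order_sensitive` lists the users whose role would change if the rules were reordered.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    attribute: str   # attribute returned for the user (hypothetical name)
    value: str       # value to check against it (exact match is an assumption)
    role: str        # role assigned when the rule is true

def assign_role(attrs, rules, default_role, required_location=None, location=None):
    """First true rule wins; the default role applies when no rule is true.

    Returns None when a location is required and the request comes from
    elsewhere, because authentication is then not attempted at all.
    """
    if required_location is not None and location != required_location:
        return None
    for rule in rules:                      # listed order is evaluation order
        if rule.value in attrs.get(rule.attribute, ()):
            return rule.role
    return default_role

def order_sensitive(users, rules):
    """Return {user: [roles]} for users who satisfy rules with different roles.

    For these users the position of a rule decides the outcome, so they are
    the accounts to re-check after any reordering of the rule list.
    """
    findings = {}
    for name, attrs in users.items():
        roles = [r.role for r in rules if r.value in attrs.get(r.attribute, ())]
        if len(set(roles)) > 1:
            findings[name] = roles
    return findings

# Constructed sample data: attribute names, values and roles are hypothetical.
RULES = [
    Rule("memberOf", "staff", "Employee"),
    Rule("memberOf", "netadmins", "Administrator"),
    Rule("memberOf", "contractors", "Guest"),
]
USERS = {
    "alice": {"memberOf": {"staff", "netadmins"}},   # satisfies two rules
    "bob": {"memberOf": {"contractors"}},
    "carol": {"memberOf": {"students"}},             # satisfies none
}

if __name__ == "__main__":
    for user, attrs in USERS.items():
        print(user, assign_role(attrs, RULES, default_role="Restricted"))
    print(order_sensitive(USERS, RULES))
```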

iPass Client Authentication

iPass, Inc. has created a virtual network of thousands of Wi-Fi hotspots deployed in
airports, hotels, coffee shops and other public locations. Users who wish to access an
iPass hotspot must run iPass client software on their wireless device.
The Bluesocket BSC is iPass-client aware. iPass clients may attempt to log into any BSC.
The BSC will attempt to authenticate an iPass client against an external RADIUS server
that has been configured on the BSC with the word "iPass" in its Name. Note that "iPass"
must be spelled using the case shown.
If an external RADIUS server with the word "iPass" in its Name has not been configured
on the BSC, the BSC will not allow the iPass client to log in.
See "RADIUS Authentication" on page 6-2 for details about configuring an external
RADIUS server to authenticate BSC users including iPass clients.

Transparent Certificate Authentication

Wireless clients setting up an IPSec tunnel to the BSC can use a digital certificate to
authenticate the tunnel. You can configure the BSC to transparently authenticate users
directly into a role based on the presented certificate or to parse the certificate for
specified data and then use this data to transparently authenticate the user against an
external LDAP server.

c) Enter the appropriate value to check against the specified attribute in the Value field.
d) From the Role drop-down list, select the role to assign to the user if the rule evaluates as true and the user is authenticated.
See "Defining User Roles to Enforce Network Usage Policies" on page 8-2 to define a new role available for selection in the drop-down list.
Alternatively, you can select the Create New... option to open a window that enables you to define a new role. After you save the role information, you are returned to the New CAS server page where you can select the role from the drop-down list.
