Stormshield SN series Configuration Manual page 58

Allow web enrolment
for users
Allow web enrolment
for users and create
their certificates
Notification of a new enrolment
This option allows new enrolled users to be informed of the creation of their accounts in the user
database.
Do not send any e-mail By default, the drop-down list will show that no e-mails will be sent to the
User
Prohibit simultaneous
authentication of a
user on multiple hosts
Expiry of the HTTP cookie
Managing cookies for user authentication on the firewalls allows securing authentication by
preventing replay attacks for example, given that the connection cookie is necessary in order to
be considered authenticated.
Cookies are indispensable for allowing several users to authenticate from the same IP address.
These IP addresses have to be entered in the list of Multi-user objects (Authentication policy
tab).
NOTE
This option affects all methods except the SSO agent, which does not support multi- user
authentication.
The web browser negotiates cookies, therefore if authentication is carried out with Internet
Explorer, it will not be effective with Firefox or other web browsers.
At the end of the
authentication period
When a session is shut
down
Do not use (not
recommended)
Conditions of use for internet access
Enable the display of
the conditions of use
for internet access
NOTE
Page 58/448
A user account has to be created in order for this option to be functional.
If this option is selected, any user who attempts to connect and who does not exist in
the user database will be able to request the creation of his account by filling in a web
form. The administrator will then be able to confirm or deny his request.
If this option is selected, users will not only be able to request the creation of their
accounts if they do not exist in the user database, but they will also be able to
request the creation of a certificate.
administrator to inform him of enrolment requests.
You can also define a group of users to whom enrolment requests will be sent in the
menu Notifications\E-mail alerts\ Recipients tab.
Once this group has been created, it will automatically be included in the drop-down
list and will be able to receive requests if you select it.
This option makes it possible to prevent a user from authenticating on several
computers at the same time.
By enabling this option, his multiple requests will automatically be denied.
The HTTP cookie expires by default At the end of the authentication period, meaning
that it is negotiated only once throughout the whole duration of the authentication.
The cookie will be negotiated every time a request is sent to your web browser.
It is possible to function without using the HTTP cookie, but this option is not
recommended as it compromises the security of the authentication.
Through this option, Conditions of use for internet access, also known as a Disclaimer,
can be shown to the user. The user must indicate his agreement to the terms by
selecting the relevant checkbox before being able to authenticate.
These conditions can be customized in the "Captive portal" tab.
SNS - USER CONFIGURATION MANUAL V.3
sns-en-user_configuration_manual-v3 - Copyright © Stormshield 2016
AUTHENTICATION