Defining A Basic Authentication, Ntlm, Or Kerberos Intermediation Resource Policy (Nsm Procedure) - Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual

Table 59: Configuring Basic, NTLM, and Kerberos Resources (continued)
Options
Username
Password
Variable Password
Pattern
Related
Documentation
Defining a Basic Authentication, NTLM, or Kerberos Intermediation Resource Policy
(NSM Procedure)
Copyright © 2010, Juniper Networks, Inc.
Your Action
Enter the account username. If you select Variable as the credential type, you can
enter the username token.
Enter an account password.
Enter the password token if you select Variable as the credential type.
Enter the hostnames mapped to the Kerberos realm. You can enter wildcard
characters, such as *.y.com, *.kerber.net, or *.* .
Defining a Basic Authentication, NTLM, or Kerberos Intermediation Resource Policy
(NSM Procedure) on page 221
Configuring a SAML Access Control Resource Policy (NSM Procedure) on page 223
Configuring SAML SSO Artifact Profile Resource Policy (NSM Procedure) on page 226
Basic authentication, NT LAN Manager (NTLM), or Kerberos intermediation resource
policies enable you to control NTLM and Kerberos intermediation on the Secure Access
device. If a user accesses a Web resource that sends a basic authentication challenge,
the device intercepts the challenge, displays an intermediate sign-in page to collect the
credentials for the Web resource, and then rewrites the credentials along with the entire
challenge or response sequence.
With the Kerberos intermediation resource policy, backend Web applications protected
by Kerberos are accessible to end users. For example, a user logs in to the device using
Active Directory as the authentication server and the authentication protocol is Kerberos.
When the user browses a Kerberos-protected server, the user is single signed on to the
backend server and is not prompted for any credentials. A user logs in to the device using
an authentication protocol other than Kerberos and then browses a Kerberos-protected
server. Depending on the Kerberos intermediation resource policy settings and the
configured Kerberos authentication server, the user is either authenticated by the system
or is prompted to enter a username and password.
To define a basic authentication, NTLM, or Kerberos intermediation resource policy:
In the navigation tree, select Device Manager > Devices.
1.
Click the Device Tree tab, and then double-click the Secure Access device for which
2.
you want to configure a basic, NTLM, or Kerberos intermediation resource policy.
Click the Configuration tab. Select Users > Resource Policies > Basic Auth/NTLM
3.
SSO.
Chapter 14: Configuring Single Sign-On
221