Juniper NETWORK AND SECURITY MANAGER 2010.4 - CONFIGURING SECURE ACCESS DEVICES GUIDE REV 01 Manual page 240

Configuring Secure Access Devices Guide
Table 60: Basic Authentication, NTLM, or Kerberos Intermediation Policy
Options
General tab
Name
Description
Resources
Applies to roles
Authentication Type
Label
Fallback to NTLM V1
Fallback to NTLM V2
Fallback to Kerberos
Roles tab
Roles
222
Click the New icon to configure the options as described in Table 60 on page 222.
4.
Click OK to save the changes.
5.
Your Action
Enter a name to label the policy.
Enter a description for the policy.
Enter the resource name to which this policy applies.
Select any of the following options from the drop-down list:
All—Allows you to apply this policy to all users.
Selected—Allows you to apply this policy only to users who are mapped to roles in the
Members list. In the Roles tab, you must add roles as members, from the Non-members
list.
Except those selected—Allows you to apply this policy to all users except for the users
who map to the roles in the Members list.
Select any of the following options from the drop-down list:
Disable SSO—Specifies that the device disables the automatic SSO authentication for
this user role, and prompts the user for sign-in credentials.
Basic Authentication—Specifies that the device uses the basic authentication
intermediation method to control the SSO behavior.
Disable Intermediation (Not valid for web proxies)—Specifies that in selecting this
option, the device does not intermediate the challenge or response sequence.
NTLM Authentication—Specifies that the device uses the Microsoft NTLM intermediation
method to control the SSO behavior.
Kerberos Authentication—Specifies that the device uses the Kerberos intermediation
method to control the SSO behavior.
Constrained Delegation—Specifies that the device uses the constrained delegation
intermediation method to control the SSO behavior.
Detailed Rules—Allows you to specify one or more detailed rules for this policy.
Enter a label name for the basic, NTLM, or Kerberos authentication types, and the
constrained delegation.
Select the Fallback to NTLM V1 check box to enable this option.
Select the Fallback to NTLM V2 check box to enable this option.
Select the Fallback to Kerberos check box to enable this option.
Select roles to access resource policies.
NOTE: This tab is enabled only when you select Selected or Except those selected from
the Applies to roles drop-down list.
Copyright © 2010, Juniper Networks, Inc.