[VPN] SSL VPN and radius authentication
shannong
shannon at gillenwater.name
Wed Jun 23 13:45:37 EDT 2004
The Juniper/Netscreen/Neoteris SA has two options for this. To simply pass a
username only, you could just create a bookmark for the appropriate group of
users that said http://mysite.com?username=<username>. The appliance would
then simply substitute the users name when calling the URL.
It has a more sophisticated SSO option for form pages and other types. You
can definitely pass credentials using by substituting the user's name and
password as input tags for when using the POST method.
The username and password being passed do not need to be the same as the
login for the VPN portal. Other attributes can be queried via RADIUS or
LDAP and passed as well. The appliance supports variables to pass other
items like an OU, groupname, etc.
_____
From: vpn-bounces+shannong=texas.net at lists.shmoo.com
[mailto:vpn-bounces+shannong=texas.net at lists.shmoo.com] On Behalf Of
François-Eric Guyomarch
Sent: Tuesday, June 22, 2004 9:23 AM
To: 'vpn at lists.shmoo.com'
Subject: [VPN] SSL VPN and radius authentication
All,
I am looking for an SSL VPN solution that can adress the following
requirements:
1. Can support delegation of authentication to RADIUS
servers(multiples for failover)
2. Can support external group definition(RADIUS attribute or LDAP)
3. Can support user identification forwarding to backend
application. a.k.
user johndoe connects to http://mysite.com
SSL VPN authenticates johndoe to RADIUS server
SSL VPN connects user to backend application passing
username in URL : http://mysite.com?username=johndoe
Obviously lots of SSL VPn support 1. and 2. but I am having a hard time
finding SSL VPN solution that can do 3. I have found F5 firepass only so far
Does anyone knows of other possible solution?
thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.shmoo.com/pipermail/vpn/attachments/20040623/b97609c3/attachment.htm
More information about the VPN
mailing list