Overview
8e6 web-based authentication comes in two flavors:
- Tier 2: time-based profiles.
- Tier 3: session-based profiles. This uses a Java applet.
Details
The following is a template for Tier-3 Web Authentication.
https://<R3000_mgmt_IP>:8081/AuthenticationServer/AuthenticationForm.jsp?URL=<URL_after_auth>&IP=<workstation_IP>
Example:
https://8e6tech.dirsec.com:8081/AuthenticationServer/AuthenticationForm.jsp?URL=http://www.cnn.com/&IP=10.0.0.42
Deployment Considerations
- The R3000 authentication SSL certificate should be issued to a host-agnostic CN value (i.e. do not name a specific host), because the certificate could reside on any R3000 host under fail-over/DR scenarios. Suggestion: issue the SSL certificate to "webauth.yourdomain.com". The value used for the SSL certificate's CN should be a DNS CNAME (alias) for the 8e6 R3000 hostname. The 8e6 R3000 web-auth SSL certificate setup is found at R3000:// System tab // Authentication // Authentication SSL Certificate.
- The "IP" parameter of the authentication URL specifies the workstation where the user resides. This value must be queried from the HTTP headers in order for the authentication URL to be generated.
- The dynamic generation of the authentication URL (with the workstation IP address) can be accomplished with a straightforward server-side script written in ASP, PHP, or CGI/Perl.
- Specifically, the server-side script needs to capture the HTTP header value "REMOTE_ADDR" and incorporate it into the URL detailed above.
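One way to write the server-side script described above, as an added example (not 8e6 code). It is a Python CGI script rather than the ASP, PHP or Perl the page names. Assumptions: the host name "webauth.yourdomain.com" (the CNAME suggested above), the default return URL, the function names, and that the authentication form accepts a percent-encoded URL parameter.

```python
#!/usr/bin/env python3
"""CGI script: redirect a workstation to the R3000 Tier-3 authentication form."""
import ipaddress
import os
from urllib.parse import quote, urlencode, urlsplit

# Assumed values: the CNAME suggested above and a default landing page.
R3000_HOST = "webauth.yourdomain.com"
DEFAULT_RETURN_URL = "http://www.cnn.com/"


def build_auth_url(environ, return_url=DEFAULT_RETURN_URL, host=R3000_HOST):
    """Return the Tier-3 authentication URL for the requesting workstation."""
    # CGI exposes REMOTE_ADDR as an environment variable. Parse it strictly
    # so that only a well-formed IP address ever reaches the IP parameter.
    remote = environ.get("REMOTE_ADDR", "")
    try:
        workstation_ip = str(ipaddress.ip_address(remote))
    except ValueError:
        raise ValueError(f"REMOTE_ADDR is not an IP address: {remote!r}") from None

    # Accept only absolute http(s) URLs as the post-authentication target.
    parts = urlsplit(return_url)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        raise ValueError(f"return URL must be absolute http(s): {return_url!r}")

    # Encode "?", "&" and "=" inside the return URL so that it cannot add or
    # override parameters such as IP; ":" and "/" stay readable as in the template.
    query = urlencode({"URL": return_url, "IP": workstation_ip},
                      safe=":/", quote_via=quote)
    return f"https://{host}:8081/AuthenticationServer/AuthenticationForm.jsp?{query}"


def cgi_response(environ):
    """Build the raw CGI response: a redirect, or 400 on bad input."""
    try:
        location = build_auth_url(environ)
    except ValueError as exc:
        return f"Status: 400 Bad Request\r\nContent-Type: text/plain\r\n\r\n{exc}\r\n"
    return f"Status: 302 Found\r\nLocation: {location}\r\n\r\n"


if __name__ == "__main__":
    print(cgi_response(os.environ), end="")
```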
Example Tier3 Authentication Badge
Note: the URL the Java applet maintains its connection to is the R3000 virtual authentication IP (i.e. VIP).
