02-03-2009 05:59 AM
I'm new to the IVE and forum so excuse the ignorance. I presently have 2 factor auth.(cert and AD) and SSO to Outlook2007/OWA working great on 6.3R2. I have created a different realm for users that I want to use certificate-only authentication. I cannot get it to work, I still get the login page. Appearently I'm missing something. Can I do SSO with Cert-only auth. ?
Some direction would be appreciated and remember I'm new to the IVE so don't worry about insulting me. All info. is appreciated.
Solved! Go to Solution.
02-03-2009 07:41 AM
Hey Powerman - welcome to the forum - SSO w/certs - three steps:
#1- Create a client side side from your internal cert server and import it into the SA box. This will be the cert that resides on client PCs and that the SA unit will match against. Import is done under the Config/Certs/Trusted Client CA's tab.
#2- Define an auth server for the certificate login process.
#3 - Define a user realm that uses that auth server for the auth process.
Very simple, straightforward - if you run into any issues post away.
02-03-2009 01:58 PM
02-03-2009 02:48 PM - edited 02-03-2009 02:49 PM
1- User cert should be a browser cert
2- Use the auth-server you defined for authentication to the realm. Then user whatever else for authorization / role mapping IE - LDAP....
3- When you downloaded the CA certificate for installing into the IVE did you use an encoding method of
4- Does it read "trusted for client authentication?
If you are still stuck I can send you the documentation (screen shots) that I did for my customers. We are resellers on this product so I put together a high level "how to" for my end user customers.
I am out of the office today but could pull it off my documentation server tomorrow and send it if would help.
02-04-2009 12:19 PM
I'm embarassed to say it but "I'm not smarter than a fith grader". When I read the email you sent I realized that I was forgetting to change my sign-in page so it would not show the login page. If I had entered the realm only it would have worked. Thanks for the assistance and I'll get back to you about the file you sent.
You desrve KUDOS for this and as soon as I find how to do it, I will. Thanks Again
02-04-2009 12:22 PM
You said that "I still get the login page." Are you saying that you cannot login to the IVE with your certificate realm or that the SSO is not working and you get the OWA login page?
Make sure that your browser contains the correct Certificate Authorities and the "Trusted Client CA" in the IVE is set to allow Client Authentication
01-26-2010 11:39 AM
Wondering if you'd be able to shoot me a copy of your how-to/screenshot document for setting up Certificate authentication on the SSL platform. I've not done it before and it sounds like your doc would be a great help.
Thanks in advance.
01-26-2010 02:18 PM
Sure - send me your email via private message and I will shoot you a copy.
03-10-2010 08:52 AM
Check your inbox!
09-09-2010 11:38 AM
Hey Mike - I have been absent from the Forums for the last few weeks - stuck deep in a data center doing a big install. I am emailing you the document today in case it will still be helpful.
12-06-2010 04:29 PM
Sure - send me your email address via the private message feature and I will shoot it out to you tomorrow.