Secure Mobile Access 12.4 Administration Guide

Technical Documentation> Administration> Security Administration> Creating and Managing Resources> Creating Forms-Based Dynamic Single Sign-On Profiles

Secure Mobile Access 12.4.3
Introduction
- About Secure Mobile Access
Installation
- Installation and Initial Setup
Management
- Working with Appliance Management Console
- User Management
Authentication
- Network and Authentication Configuration
Administration
- Security Administration
  - Creating and Managing Resources
    Resource Types
    Built-In Resources
    Secure Mobile Access WorkPlace (Resource Type: URL)
    Connect Tunnel (Resource Type: URL)
    Network Explorer (Resource Type: Network Share)
    Web Resources
    Client/Server Resources
    File Share Resources
    Resources and Resource Groups
    Viewing Resources and Resource Groups
    Adding Resources
    Example: Specifying a URL Alias
    Example: Blocking Email Attachments
    Example: Supporting Exchange on iPhones
    Example: Restricting Access to Sensitive Data
    Editing Resources
    Deleting Resources
    Configuring a Resource as a SharePoint Web Service
    Exclusions
    Using the Exclusions
    Using Variables in Resource and WorkPlace Shortcut Definitions
    Using Session Property Variables
    Using Query-Based Variables
    Creating a Resource Pointing to Users’ Remote Desktops
    Creating a WorkPlace Link Giving Users Access to Their Remote Desktops
    Creating a Variable Containing a Variable
    Modifying Query Results
    Displaying a Series of Shortcuts Using a Single Definition
    Creating and Managing Resource Groups
    Adding Resource Groups
    Example: Working with a URL Redirect
    Editing, Deleting and Copying Resource Groups
    Web Application Profiles
    Viewing Web Application Profiles
    Adding Web Application Profiles
    Preconfigured Web Application Profiles
    Web Application Profile Examples
    How Requests for Web Resources are Evaluated
    Associating one profile with an entire domain
    Editing and Deleting Web Application Profiles
    Configuring a Single Sign-On Authentication Server
    Forms-Based Single Sign-On
    Basic Authentication Forwarding
    NTLM Authentication Forwarding
    Creating Forms-Based Dynamic Single Sign-On Profiles
    Dynamic SSO Profile for Microsoft RDWeb
    Configuring Microsoft RD Web Access in AMC
    Creating Dynamic SSO Profile for Microsoft Remote Desktop Web Client
    Creating Web Application Profile
    Creating RDWeb URL resource with custom access
    Adding RDWeb in start page
    Dynamic SSO Profile for Citrix XenApp
    Configuring Citrix XenApp in AMC
    Creating Dynamic SSO Profile for Citrix XenApp
    Creating Web Application Profile
    Creating Citrix XenApp URL resource with custom access
    Adding Citrix Xenapp in start page
    Kerberos Constrained Delegation
    Configuring Kerberos Constrained Delegation
    Configuring SMA Support for Microsoft Outlook Anywhere
    Viewing User Sessions
  - Access Control Rules
    Configuring Access Control Rules
    Viewing Access Control Rules
    Access Control Rules for Bi-Directional Connections
    Requirements for Reverse and Cross-Connections
    Securing Application Ports for Reverse Connections
    Adding Access Control Rules for a Forward Connection
    Specifying Advanced Access Control Rule Attributes
    Adding Access Control Rules for a Reverse Connection
    Adding a Pair of Access Control Rules for a Cross-Connection
    Configuring Advanced Access Control Rule Attributes
    Access Methods and Advanced Options
    Adding Users and Resources From Within Access Control Rules
    Editing, Copying, and Deleting Access Control Rules
    Resolving Deny Rule Incompatibilities
    Resolving Invalid Destination Resources
    Invalid Resource Examples
- System Administration
End Point Control
Components
Mobile Connect
- Using SMA with Mobile Connect
Appendix
SonicWall Support
- About This Document

Creating Forms-Based Dynamic Single Sign-On Profiles

Use AMC to set up a single sign-on profile that will forward a user’s appliance credentials to a Web application that uses forms-based authentication.

To create a form based dynamic single sign-on profile

In the AMC, navigate to System Configuration > Services.
In the Access Services section, click the Configure link under Web proxy service.

The Web Proxy Service page displays.
Click the Dynamic Single Sign-On Profiles tab.
Click the + (New) icon.

The Dynamic Single Sign-On Profile page displays.
1. Type a Name and Description.
2. Select the applicable application from the Application list. (To start from scratch and specify elements from a custom form, select Other).
3. In the Username input element field, enter name or id of the input element that takes the username for logging in. The value for this element will be same as what user need to enter for VPN login.
  If the login form needs more than username/email and password, use the “Additional Form Elements” section to configure them.
  Do not configure password element, it will be automatically detected.
In the Additional Form Elements section, click the + icon.
1. In the Form Element field, enter the input element with which an user will interact.
2. In the Map To This Value drop-down, select the value for which the form element to be mapped.
3. Click OK.
In the Advanced section, enter name or id of the submit button that is used to submit the form in the Login /Submit button field.

The Submit field is optional. When not configured it is automatically detected. Leave this field empty and update it only when auto-detect is not correctly identifying it.
1. In the URLs of login page field, enter the relative URLs without host or IP address. Enter each URL in a separate line.
  
  The URLs of login page field is optional and can be left empty. Use it only when auto-detection of login page fails.
2. In the Login detection drop-down, select the detection option of the URL and enter the respective value.
  - Cookie- Select this option only if the web application sets a cookie when the login is successful. Set the value as name of the cookie. Example: JSESSIONID
  - URL Redirection- Select this option only if the web application redirects the user to a different page on successful login. Set the value as partial URL that will match the redirected URL. Example: /home.action
  - Header-Select this option only if the web application sets a response header on successful login. Set the value as name of the response header. Example: X-Session-Id
  - Status code-Select this option only if the web application sends a distinct HTTP status code as response to login request. Set the value as HTTP status code. Multiple values can be configured using comma as delimiter.
3. In the Login experience drop-down, allows you to specify when the user will be automatically logged into the web application Select the following login form behavior based on the resource application:
  - Always login (fill and submit) to fill and submit the login form automatically every time. Suitable for most applications. Do not use if application shows login page immediately after logging out.
  - Always fill (but do not submit) to fill the login form with credentials every time the login page is shown to the user. But the login form will not be submitted automatically. User can manually click the login/submit button if they intend to login.
  - Login once then fill to fill and submit the login form automatically the first time. If the login page is shown after logging out of the application, login form will filled with credentials but not submitted automatically. User can manually click login/submit button to login if needed. Suitable for application showing login page immediately after logging out.
  - Login once to fill and submit the login form automatically the first time only. Subsequent login page will not be automatically logged in or filled.
Select Send credentials to client check box if username/password is encoded or encrypted by web application when submitting the login credentials.
Unselect the Hide login page check box if user credentials need to submitted without reloading the page.
Click Save.

Assign this Dynamic Single Sign-On Profile to appropriate Web Application Profile of a resource. When configured, user’s credentials are automatically sent to the back-end server when the user reaches login page and user gets automatically logged in.

For information on configuring SSO for a Web application that uses Windows NTLM or basic authentication, see Web Application Profiles.

< Prev Section

Next Section >

Secure Mobile Access 12.4 Administration Guide

Table of Contents

Creating Forms-Based Dynamic Single Sign-On Profiles