Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 4 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 4526 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Moving from SG to XG and trying to figure out best authentication method

ThomasRandolph

With the SG, it was joined to the domain and authentication on domain joined computers was painless. I am finding the methods offered on the XG not quite on par. I am looking for SSO and currently working with STAS, however, STAS requiring a logon does not work for our environment. I have numerous users, including myself, that lock our workstation instead of logging off. We also have a relatively large Apple Base (iPads and Macbooks) which STAS will not work since they do not authenticate to the domain. I would like to avoid using the Auth Client since it is another login and with lab computers can be troublesome. I am possibly considering web auth, but again another login and having to keep the window open to remain identified. Any experience or advice is appreciated.



This thread was automatically locked due to age.
  • 0

    Hi Thomas,

    If you choose to not preserve the Captive Portal after login, then you do not need to worry about keep the window open after a successful web login. Go to, Authentication | Services | Web Policy Actions for Unauthenticated Users (Captive Portal) | preserve the Captive Portal after login = No.

    Hope that helps.

  • 0 in reply to sachingurung

    How then does it persist the client? Based on the documentation, It suggests not using http keep alive with too many requests.

  • 0 in reply to sachingurung

    The option to preserve the Captive Portal After Login is not na option on 17.0.8 MR-8.  This is what I see:

    Web Policy Actions for Unauthenticated Users (Captive Portal)
    Prompt unauthenticated users to log in YesNo ( Display regular User Notification )
    Login prompt method
    Include link to the Captive Portal in the User Notification message
    Display a custom message
    Page Header Image DefaultCustom   (Size: 700 x 80 Pixels)
    Page Footer Image DefaultCustom   (Size: 700 x 80 Pixels)
    Custom Message HTML Input
     
    Blink Custom Message
     
  • 0

    Relatively large Apple Base (iPads and Macbook's) which STAS will not work.

     

    We use RADIUS SSO and Enterprise WiFi and have all the Apple / Androids authenticate in the XG from their Wireless Credentials.

    We also use HTTPS scanning so you need to push the XG certificate to all devices which is a bit of a downer.

     

    Or if thats not of concern you can add them to a bypass in the firewall so they skip HTTPS scanning and the issue goes away.