Set up AD and id authenticates against W28K AD id and password. Getting SSO to work, a problem. Setup the sso in Authentication page in Web Security. All Tests pass.
Changed Host name on astaro to fw1.***.com changed proxy settings to list fw1.***.com on port 8080
When going to a url other than bypass proxy server or in default content filter list (Whitelist mode), the client asks for userid and password.
I have added a test account on active directory, placed it in a ou with the computer account in order to run a gpo which works on the computer and user.
Active directory group is backended and test user in that group.
AD authentication works as I have put the test account in that group and put that active directory group in the filter assignments for the general profile. I have several filter assignments and filter actions defined in the general profile. It does not run in transparent mode unless it falls through the general profile and its fallback profile is the default content profile.
My filter actions and filter assignments are part of the general profile. The classes are managers (blacklisted), managers with personal email (blacklisted), unrestricted (blacklisted). Each of these categories have a filter assignment for local authentication and a separate active directory group.
This is to help the migration of accounts from local to ad authentication.
I noticed the profiles are established as a local authentication. There is another option that sets the profile as a AD SS). When I created a profile for the AD SSO and put it in the second position in the profile list. All the users were blocked by proxy even when they used the correct local userid and password. I removed it and all went back to normal.
Question is there is not much documentation with sso, AD and Profiles. Should I add a new profile, set it in a lower position than my current active pfofiles and set it as AD SS) with a special filter assignment used only for AD std users?
Also on the AD SSO setup in Authentication area, the AD SSO sets up by supposedly adding a fw1 entry in the AD DNS forward looking zone. When I removed the manually entered fw1 in the AD DNS and than respecified it in the AD SS) area, it didn't add the entry? What's up with that?
This thread was automatically locked due to age.
