But other products doing sso without putting proxy in browsers, like barracuda and watchguard..!! How they do...??? because its very difficult when your mostly users are laptop users and they are also using 3gcards and internet at home...!!
After a quick review of the documentation for the products listed, they cannot do this. For example, Watchguard requires that Agent software be installed on the client computer for SSO to function.
If you believe that the documentation for these products are wrong, then do some research and post back your findings.
__________________ ACE v8/SCA v9.3
...still have a v5 install disk in a box somewhere.
But other products doing sso without putting proxy in browsers, like barracuda and watchguard..!! How they do...??? because its very difficult when your mostly users are laptop users and they are also using 3gcards and internet at home...!!
After a quick review of the documentation for the products listed, they cannot do this. For example, Watchguard requires that Agent software be installed on the client computer for SSO to function.
If you believe that the documentation for these products are wrong, then do some research and post back your findings.
__________________ ACE v8/SCA v9.3
...still have a v5 install disk in a box somewhere.
Scott is right; "SSO" is implemented on systems with browsers that are not configured with proxy settings via a locally-installed agent. Either that, or the end user has to log into a web page (splash page) before accessing the protected resources.
CTO, Convergent Information Security Solutions, LLC
Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries. Use the advice given at your own risk.
I can tell you how barracuda does it - and I wish Astar would do it this way.
With Baracuda you install an agent on your Domain Controller and enble event log auditing of logon/logoff events.
The agent monitors the event log on the DC for these audit events which contain the username and ip address - the agent then relays this information to the web filter. The web filter maintains a list of users it has seen and at what ip addresses (for instance a user culd be logged in at a few different computers).
The user ip association either expires after 24 hours or is removed if a logoff event is seen. The association is renewed if new logon events are seen.
If for some reason a user logon is not picked up and the ip is unrecognized, the web filter will prompt for a username and password at that point.
It's not perfect (for instance Citrix environments need to enable virtual ip addressing for user sessions) but it wotks very smoothly and is completely transparent to the end user - no proxy settings and browser independence!
I actually have a Barracuda 310 that I had replaced with the Astaro when we became a partner almost a year ago. I'm seriously considering going back to the Barracuda for web filtering just on this feature alone.
It's also alot easier to deploy than user agents on every workstation. Which leads me to a question.. how come I have to choose between Agent or Browser auth? Why can't I have both? If the user has the agent installed then they should be good to go.. if they do not have the agent and is not recognized then at that point they should receive a browser login screen.
