Administration Guide

Adding servers to an authentication server pool

When you configure a site publishing rule that offloads authentication for a web application to FortiWeb, you use an authentication server pool to specify the method and server that FortiWeb uses to authenticate clients.

The pool can contain one or more servers that use either LDAP or RADIUS to authenticate clients. You add LDAP or RADIUS servers to an authentication server pool using the queries that correspond to the servers. For details, see Adding servers to an authentication server pool and Adding servers to an authentication server pool.

FortiWeb attempts to authenticate clients using the server at the top of the list of pool members, and then continues to the next member down in the list if the authentication is unsuccessful, and so on. You can use the list options to adjust the position of each item in the list.
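
The top-down evaluation described above, modelled as an added Python example (not Fortinet code and not FortiWeb's implementation). It assumes that a rejected credential, not only an unreachable server, counts as unsuccessful and moves evaluation to the next member; the member names and accounts are constructed.

```python
from dataclasses import dataclass, field

@dataclass
class Member:
    """One pool member. 'accounts' stands in for the LDAP or RADIUS backend."""
    name: str
    method: str                                   # "LDAP" or "RADIUS"
    accounts: dict                                # username -> secret (constructed)
    rejected: list = field(default_factory=list)  # usernames this backend refused

    def verify(self, user, secret):
        ok = user in self.accounts and self.accounts[user] == secret
        if not ok:
            self.rejected.append(user)
        return ok

def authenticate(pool, user, secret):
    """Try members top-down; return the first accepting member's name, else None."""
    for member in pool:
        if member.verify(user, secret):
            return member.name
    return None

def fallback_only_accounts(pool):
    """Map each lower member to the accounts it holds that the top member lacks."""
    top = set(pool[0].accounts)
    extra = {m.name: sorted(set(m.accounts) - top) for m in pool[1:]}
    return {name: users for name, users in extra.items() if users}

def build_sample_pool():
    """Constructed data: carol was removed from LDAP but not from RADIUS."""
    return [
        Member("ldap_corp", "LDAP", {"alice": "A-pass", "bob": "B-pass"}),
        Member("radius_legacy", "RADIUS", {"bob": "B-pass", "carol": "C-pass"}),
    ]

if __name__ == "__main__":
    pool = build_sample_pool()
    print(authenticate(pool, "carol", "C-pass"))   # accepted by the lower member
    print(authenticate(pool, "alice", "wrong"))    # rejected by every member
    print([(m.name, m.rejected) for m in pool])    # failed attempts per backend
    print(fallback_only_accounts(pool))            # accounts to review
```

Under that assumption, the pool accepts any account that any member accepts, and a single bad password is presented to every backend in turn, which matters when you review deprovisioning, lockout counters and failed-login alerts.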

To configure an authentication server pool
  1. Go to Application Delivery > Site Publish > Authentication Server Pool.
  2. Click Create New, enter a name for the pool, and then click OK.
  3. Click Create New and complete the following settings:

     Authentication Validation Method
         Select whether this pool member uses LDAP or RADIUS to authenticate clients.

     LDAP Server or RADIUS Server
         Select the name of the authentication query that FortiWeb uses to pass credentials to your authentication server.

     RSA SecurID
         Select to enable client authentication using a username and an RSA SecurID authentication code only. Users are not required to enter a password.

         When this option is enabled, the authentication delegation options in the site publish rule are not available.

         For details, see RSA SecurID authentication.

         Alternatively, you can use the default two-factor authentication feature to require users to enter a username, password, and an RSA SecurID authentication code.

         For details, see Two-factor authentication.

  4. Click OK.
  5. Add any other servers you want in the pool.
  6. To use the pool, select it when you configure a site publish rule. For details, see Offloaded authentication and optional SSO configuration.
