This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

browser authentication login page

I managed the browser authentication , it's working :)

but when the user authenticate he can't logout.

how can the user logout ?

Also i want the login page to appear when the user open the browser.

I want the user to logout automaticly when he close the browser, and , I want when he open the browser the login page appears .

how to do that ?

is that related to timeout configuration ?



This thread was automatically locked due to age.
Parents
  • Hi Narimane,

    It is not recommended to use both SSO and a Captive Portal

     

    Generally I would recommend using a separate appliance that either does not use authentication or is set up specifically for the WIFI with no authentication (ie disable auth and create a generic default policy)

     

    A user can not simply erase their credential because they are done with it. 

     

    At a VERY high level:

    SSO

    the appliance intercepts a user request.. It queries the AD and checks to make sure the user is authenticated.   Every few mins the appliance will re-authenticate the credential.  If the user logs off the workstation or the credential expires, a new request is generated.

     

     

     

    This would normally be used on your wired secure network.

     

    Captive Portal.

    the request is received, the appliance authenticates the request.. If its valid the credential is set to expire after (how ever many hours you select)

    so if its 8 hours.. the appliance would not re-auth that credential until it expires. Likewise long dchp/ip policies could also cause issues. 

     

    On a side note: VM's are included in your licence .. you need need to deploy one for that purpose, feel free.. if you do not have a vm activation.. just drop your account manager a note and they will give one.   I highly recommend splitting your secure/insecure traffic.. 

     

     

    please see my KB on authentication.

    https://community.sophos.com/kb/en-us/126599

    see: Configuring default authentication policy

Reply
  • Hi Narimane,

    It is not recommended to use both SSO and a Captive Portal

     

    Generally I would recommend using a separate appliance that either does not use authentication or is set up specifically for the WIFI with no authentication (ie disable auth and create a generic default policy)

     

    A user can not simply erase their credential because they are done with it. 

     

    At a VERY high level:

    SSO

    the appliance intercepts a user request.. It queries the AD and checks to make sure the user is authenticated.   Every few mins the appliance will re-authenticate the credential.  If the user logs off the workstation or the credential expires, a new request is generated.

     

     

     

    This would normally be used on your wired secure network.

     

    Captive Portal.

    the request is received, the appliance authenticates the request.. If its valid the credential is set to expire after (how ever many hours you select)

    so if its 8 hours.. the appliance would not re-auth that credential until it expires. Likewise long dchp/ip policies could also cause issues. 

     

    On a side note: VM's are included in your licence .. you need need to deploy one for that purpose, feel free.. if you do not have a vm activation.. just drop your account manager a note and they will give one.   I highly recommend splitting your secure/insecure traffic.. 

     

     

    please see my KB on authentication.

    https://community.sophos.com/kb/en-us/126599

    see: Configuring default authentication policy

Children
No Data