
SSO Transparent Authentication "How To"

Hi,

We are having difficulty with client authentication in SSO (Single Sign-On) transparent authentication mode.

I found a "How to" on the Sophos Community site (community.sophos.com/.../123159), but it uses the "Sophos Single Sign-On Client" installed on the workstation. We need to authenticate our Windows AD users without installing any client. Sophos SSO seems the way to do that, but I have not been able to do it. Users from AD are authenticating in the user portal successfully, but SSO is not working properly as we require.

In the latest version it was necessary to insert the firewall into AD, but in the new version I cannot see where to do that, and I do not know if it is necessary.

Thank you for help!



This thread was automatically locked due to age.
  • Here is the entire configuration in a nutshell. Please undo everything you did with the SSO client. One of the best things I like about the XG firewall SSO is that it never uses/exchanges the user's "Password" with the AD in the whole clientless SSO process.

    1. You need to integrate the Active Directory with the XG firewall and make sure the integration is successful.
    community.sophos.com/.../123155 (Using SSL for integration is an optional config. I recommend using the normal config, and if this document works, try implementing SSL.)

    2. How do you test if the integration is successful? Just log in to http://firewallip:8090, authenticate with a user, and verify that it is successful and that the user falls into the correct group in the XG firewall. You can check this under System --> Authentication --> Users.

    3. Follow this document from there on
    community.sophos.com/.../123156

    The only place where you might see a problem is when you start the STAS service: you might see a logon failure. You then have to go to Services, open the properties of the STAS service, and under Log On re-enter the password.

    Make sure the WMI polling is working from the Active Directory. You can check it from the Advanced tab of the STAS suite or from the Windows machine itself:

    Start --> Run --> wbemtest.exe ==> \\ipofworkstation\root\cimv2 --> Query --> select username from win32_computersystem --> Click on Win32 computersystem = Nokey and properties you should see the username.

    Note: WMI should be successful for the STAS to work smoothly, because the STAS uses WMI as a log-off mechanism to verify the users.

    Please let me know if you still have an issue after this; I can give you further instructions.

    Thanks,
    Kranthi
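The wbemtest check described in the post above can be repeated across several workstations from PowerShell. This is an added example, not part of the original post or Sophos documentation; the function name `Test-WmiLogonQuery` and the workstation addresses are assumptions made for illustration.

```powershell
# Added example: the addresses below are constructed placeholders; replace with real workstations.
$Workstations = @('192.0.2.10', '192.0.2.11')

function Test-WmiLogonQuery {
    param([Parameter(Mandatory = $true)][string[]]$ComputerName)

    foreach ($computer in $ComputerName) {
        $status = 'OK'; $user = ''; $detail = ''
        try {
            # Same namespace and WQL query as the wbemtest steps in the post.
            $cs = Get-WmiObject -Namespace 'root\cimv2' -ComputerName $computer `
                -Query 'SELECT UserName FROM Win32_ComputerSystem' -ErrorAction Stop
            if ($cs.UserName) {
                $user = $cs.UserName
            } else {
                $status = 'NoUser'
                $detail = 'Query worked, but no logged-on user was reported.'
            }
        }
        catch [System.UnauthorizedAccessException] {
            # Credentials reached the host but are not allowed to query WMI remotely.
            $status = 'AccessDenied'
            $detail = 'The querying account lacks remote WMI rights on this host.'
        }
        catch [System.Runtime.InteropServices.COMException] {
            # Typically the host is down or a firewall blocks RPC/DCOM.
            $status = 'Unreachable'
            $detail = $_.Exception.Message
        }
        catch {
            $status = 'Error'
            $detail = $_.Exception.Message
        }
        New-Object PSObject -Property @{
            Computer = $computer; Status = $status; UserName = $user; Detail = $detail
        }
    }
}

Test-WmiLogonQuery -ComputerName $Workstations |
    Select-Object Computer, Status, UserName, Detail |
    Format-Table -AutoSize
```

Run it on the server hosting STAS under the account the STAS service logs on as, so the result reflects the rights that account has on each workstation.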
  • Hi Kranthi Yadlapudi,

    I have an issue installing the STAS Suite on Windows Server 2008. When installing, it fails saying “Could not install STAS Service”. Re-installing the suite does not cause the error to pop up again, but when looking under Windows services, the service is still not there.

    Why does the service not install? I am logged in as an administrator.

    Kind Regards,

    Werner
