Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 4 replies
  • Subscribers 1 subscriber
  • Views 3731 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

SSO possible with WAF?

szo850
Hello,
I'm trying to solve a SSO issue between two hosts, that occurs when Host A (also hosting the CAS) is behind WAF (no filter).

The user is reaching a login page, simply by clicking on an URL with the FQDN of Host B. When this is being DNAT:ed, the user is clicking on this URL and then instantly returned to Host A again and to a login page, with a ticket and service pointer (FQDN of Host B) in the address bar (populated through the process above). After entering credentials, the user is being passed through to Host B.

When Host A is behind WAF, nothing happens when the user is clicking on the same URL. The user is never directed to the login page. 

Any ideas?

I'm sorry for the fuzzy description above, I'm struggling with the correct translations. [:)]


This thread was automatically locked due to age.
Parents
  • 0
    I understand the words, but I don't see the picture. [:)]  How about some specifics or pictures?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Reply
  • 0
    I understand the words, but I don't see the picture. [:)]  How about some specifics or pictures?

    Cheers - Bob
     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
Children
  • 0 in reply to BAlfson
    I understand the words, but I don't see the picture. [:)]  How about some specifics or pictures?

    Cheers - Bob

    Sure, see attached file.
    The "service" specified in the picture is host B, a Apache/JBOSS hosted on a RHEL.

    This sollution is called JASIG CAS if that is of any help.
Unfiltered HTML