Fortinet 243 FortiWeb 5.0 Patch 6 Administration Guide
11. To apply the authentication policy, select it in an inline protection profile that is included in a
policy (see “Configuring a protection profile for inline topologies” on page 468).
See also
- Applying user groups to an authorization realm
- Single sign-on (SSO)
Single sign-on (SSO)
If:
- your users will be accessing multiple web applications on your domain, and
- you have defined accounts centrally on an LDAP (such as Microsoft Active Directory) or
  RADIUS server
you may want to configure single sign-on (SSO) and combination access control and
authentication (called “site publishing” in the GUI) instead of configuring simple HTTP
authentication rules. SSO provides a benefit over HTTP authentication rules: your users will not
need to authenticate each time they access separate web applications in your domain. When
FortiWeb receives the first request, it will return (depending on your configuration) an HTML
authentication form or HTTP WWW-Authenticate: code to the client.
FortiWeb sends the client’s credentials in a query to the authentication server. Once the client is
successfully authenticated, if the web application supports HTTP authentication and you have
configured delegation, FortiWeb forwards the credentials to the web application. The server’s
response is returned to the client. Until the session expires, subsequent requests from the client
If you have enabled logging, you can also make reports such as “Top Failed Authentication
Events By Day” and “Top Authentication Events By User” to identify hijacked accounts or
slow brute force attacks. See “Reports” on page 586.
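The review those two reports support, as an added example that is not part of the Fortinet guide: it counts failed authentications per day, flags users whose failures are spread thinly over several days, and flags a success that follows repeated failures from the same source. The log layout, thresholds, and function names are assumptions made for this example and do not reflect FortiWeb's log format.

```python
from collections import Counter, defaultdict

# Constructed sample events, one per line: date time user source_ip result.
# This layout is an assumption for the example, not FortiWeb's log format.
SAMPLE_LOG = """\
2014-03-01 09:12:04 alice 198.51.100.7 success
2014-03-01 23:40:11 bob 203.0.113.9 failure
2014-03-01 23:58:37 bob 203.0.113.9 failure
2014-03-02 23:41:02 bob 203.0.113.9 failure
2014-03-02 23:59:15 bob 203.0.113.9 failure
2014-03-03 08:30:45 carol 198.51.100.22 failure
2014-03-03 08:31:10 carol 198.51.100.22 success
2014-03-03 23:42:51 bob 203.0.113.9 failure
2014-03-04 23:43:20 bob 203.0.113.9 success
"""

def parse(log):
    """Yield (day, user, ip, succeeded) for each well-formed line."""
    for line in log.splitlines():
        fields = line.split()
        if len(fields) == 5 and fields[4] in ("success", "failure"):
            day, _time, user, ip, result = fields
            yield day, user, ip, result == "success"

def failed_by_day(events):
    """Failure count per day, the view behind a failed-events-by-day report."""
    return Counter(day for day, _u, _ip, ok in events if not ok)

def slow_brute_force(events, min_days=3, max_per_day=3):
    """Users failing on min_days+ distinct days, never above max_per_day in a day."""
    per_user = defaultdict(Counter)
    for day, user, _ip, ok in events:
        if not ok:
            per_user[user][day] += 1
    return sorted(u for u, days in per_user.items()
                  if len(days) >= min_days and max(days.values()) <= max_per_day)

def possible_hijacks(events, min_prior_failures=3):
    """(user, ip) pairs where a success follows repeated failures from that source."""
    prior, hits = Counter(), set()
    for _day, user, ip, ok in events:  # events are assumed to be in time order
        if ok and prior[(user, ip)] >= min_prior_failures:
            hits.add((user, ip))
        elif not ok:
            prior[(user, ip)] += 1
    return sorted(hits)

EVENTS = list(parse(SAMPLE_LOG))
```

In the constructed sample, carol's single mistyped password followed by a success is not flagged, while bob's one or two failures per night over three days are, which is the pattern a per-minute rate limit would not catch.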