Fortinet 5.0 Patch 6

Fortinet 246 FortiWeb 5.0 Patch 6 Administration Guide

4. Click OK.

5. Go to Application Delivery > Site Publish > Site Publish Policy.

6. Click Create New.

7. In Name, type a unique name that can be referenced in other parts of the configuration. Do

not use spaces or special characters. The maximum length is 35 characters.

8. Click Create New and in Rule, select the name of a site publishing rule.

9. Repeat the previous step for each web application that will be part of the SSO domain.

10.Click OK.

Authentication

Delegation

Select what FortiWeb should do after the client successfully

authenticates with the authentication server, either:

•HTTP Basic — Use HTTP Authorization: headers with Base64

encoding to forward the client’s credentials to the web application.

Typically you should select this option if the web application supports

HTTP protocol-based authentication.

•No Delegation — Do not send the client’s credentials to the web

application. Typically you should select this option if the web

application uses HTML form-based authentication, or has no

authentication.

Note: If the web application uses form-based authentication, the

client will be required to authenticate twice: once with FortiWeb, and

then once again with the web application’s HTML form.

SSO Support Enable for single sign-on support.

For example, if this web site is www1.example.com and the SSO

domain is .example.com, once a client has authenticated with that site,

it can access www2.example.com without authenticating a second

time.

Site publishing SSO sessions exist on FortiWeb only; they are not

synchronized to the authentication and/or accounting server, and

therefore SSO is not shared with non-web applications. For SSO with

other protocols, consult the documentation for your FortiGate or other

firewall.

SSO Domain Type the domain suffix of Host: names that will be allowed to share this

rule’s authentication sessions, such as .example.com. Include the

period ( . ) that precedes the host’s name.

Alert Type Select whether to log authentication failures and/or successes:

•None — Do not generate an alert email and/or log message.

•Failed Only — Alert email and/or log messages are caused only by

authentication failures.

•Successful Only — Alert email and/or log messages are caused only

by successful authentication.

•All — Alert email and/or log messages are caused for all HTTP

authentication attempts, regardless of success or failure.

Event log messages contain the user name, authentication type, success

or failure, and source address (for example, User jdoe [Site

Publish] login successful from 172.0.2.5) when an end-user

successfully authenticates. A similar message is recorded if the

authentication fails (for example, User hackers [Site Publish]

Setting name Description