Fortinet 246 FortiWeb 5.0 Patch 6 Administration Guide
4. Click OK.
5. Go to Application Delivery > Site Publish > Site Publish Policy.
6. Click Create New.
7. In Name, type a unique name that can be referenced in other parts of the configuration. Do
not use spaces or special characters. The maximum length is 35 characters.
8. Click Create New and in Rule, select the name of a site publishing rule.
9. Repeat the previous step for each web application that will be part of the SSO domain.
10. Click OK.
Setting name / Description

Authentication Delegation
  Select what FortiWeb should do after the client successfully authenticates with the authentication server, either:
  HTTP Basic — Use HTTP Authorization: headers with Base64 encoding to forward the client’s credentials to the web application. Typically you should select this option if the web application supports HTTP protocol-based authentication.
  No Delegation — Do not send the client’s credentials to the web application. Typically you should select this option if the web application uses HTML form-based authentication, or has no authentication.
  Note: If the web application uses form-based authentication, the client will be required to authenticate twice: once with FortiWeb, and then once again with the web application’s HTML form.

SSO Support
  Enable for single sign-on support.
  For example, if this web site is www1.example.com and the SSO domain is .example.com, once a client has authenticated with that site, it can access www2.example.com without authenticating a second time.
  Site publishing SSO sessions exist on FortiWeb only; they are not synchronized to the authentication and/or accounting server, and therefore SSO is not shared with non-web applications. For SSO with other protocols, consult the documentation for your FortiGate or other firewall.

SSO Domain
  Type the domain suffix of Host: names that will be allowed to share this rule’s authentication sessions, such as .example.com. Include the period ( . ) that precedes the host’s name.

Alert Type
  Select whether to log authentication failures and/or successes:
  None — Do not generate an alert email and/or log message.
  Failed Only — Alert email and/or log messages are caused only by authentication failures.
  Successful Only — Alert email and/or log messages are caused only by successful authentication.
  All — Alert email and/or log messages are caused for all HTTP authentication attempts, regardless of success or failure.
  Event log messages contain the user name, authentication type, success or failure, and source address (for example, User jdoe [Site Publish] login successful from 172.0.2.5) when an end-user successfully authenticates. A similar message is recorded if the authentication fails (for example, User hackers [Site Publish] login failed from 172.0.2.5).
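
Added example (not part of the Fortinet guide): a small Python review of the event log messages described under Alert Type, flagging sources with repeated failures, failures across many accounts, or a success that follows a run of failures. It assumes one message per line in exactly the form of the guide's two examples; review(), the threshold value and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Message shape taken from the two examples in the guide:
#   User <name> [Site Publish] login successful|failed from <source address>
MSG_RE = re.compile(
    r"User (?P<user>\S+) \[Site Publish\] login "
    r"(?P<result>successful|failed) from (?P<src>[0-9A-Fa-f:.]+)"
)

# Constructed sample messages (not real logs); first and last are the guide's examples.
SAMPLE = [
    "User jdoe [Site Publish] login successful from 172.0.2.5",
    "User admin [Site Publish] login failed from 192.0.2.10",
    "User admin [Site Publish] login failed from 192.0.2.10",
    "User admin [Site Publish] login failed from 192.0.2.10",
    "User admin [Site Publish] login successful from 192.0.2.10",
    "User alice [Site Publish] login failed from 198.51.100.7",
    "User bob [Site Publish] login failed from 198.51.100.7",
    "User carol [Site Publish] login failed from 198.51.100.7",
    "User hackers [Site Publish] login failed from 172.0.2.5",
]

def parse_event(line):
    """Return (user, result, src) for a Site Publish login message, else None."""
    m = MSG_RE.search(line)
    return (m["user"], m["result"], m["src"]) if m else None

def review(lines, threshold=3):
    """Return (kind, src, users) findings; threshold is a hypothetical tuning value."""
    failed = defaultdict(list)  # src -> user names from failed logins, in order
    findings = []
    for user, result, src in filter(None, map(parse_event, lines)):
        if result == "failed":
            failed[src].append(user)
            continue
        if len(failed[src]) >= threshold:
            # Success right after a run of failures: possible guessed password.
            findings.append(("success_after_failures", src, (user,)))
        failed[src].clear()  # any successful login resets the run for this source
    for src, users in failed.items():
        if len(users) >= threshold:
            distinct = tuple(sorted(set(users)))
            kind = "many_accounts" if len(distinct) >= threshold else "repeated_failures"
            findings.append((kind, src, distinct))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

The success_after_failures finding is only possible when Alert Type is set to All, because Failed Only never records the successful login that ends the run.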