Fortinet 247 FortiWeb 5.0 Patch 6 Administration Guide
11.Select the site publishing policy in an inline web protection profile (see “Configuring a
protection profile for inline topologies” on page 468). The profile must be used in the policy
applying your domain’s virtual servers.
12.To verify the configuration, log in to one of the web applications, then log in to another web
application in the same domain that should be part of the SSO domain.
See also
•Offloading HTTP authentication & authorization
Example: Enforcing complex passwordsExample Co. web hosting needs to enforce reasonably secure passwords on web applications
that do not provide this feature themselves. Since end users already authenticate with the web
applications, Example Co. does not need to configure FortiWeb with user accounts to apply
authentication — in other words, authentication offloading is not required. Instead, they simply
need to enforce the security policy in the authentication transactions that already exist between
the clients and web servers.
To do this, Example Co. would configure and apply an input rule (see “Validating parameters
(“input rules”)” on page 421). This rule either could use a predefined data type to require
password complexity (Level 2 Password — see “Predefined data types” on page 166), or could
use a custom-defined data type to allow or require additional special characters for additional
strength (see “Defining custom data types” on page 429).