
Re: Update Re: [FW1] HTTP user authentication with Ace server & SecureID tokens.




I don't think that SecurID has anything to do with the problem. I
think the problem is that they authenticate to get to an
unrestricted page, then try to move to a restricted page on the same
server and Netscape is trying to help. That is why I suggested that
you use client authentication for your HTTP and use telnet to port
259 (with SecurID if you like), prior to starting Netscape. This
way, the telnet session will take care of the firewall
authentication and Netscape will think the authentication at the
restricted page is the first one it came across.
Bill

Elias Aghnatios wrote:
> 
> I tried using FW-1 password instead of Ace and Secure ID tokens. Still have the same
> problem.
> 
> Thanks a lot
> 
> William Joseph Husler wrote:
> 
> > I have seen symptoms similar to this with Client authentication and
> > HTTP security Server. I believe the root cause is that the initial
> > firewall authentication was triggered by an attempt to access a page
> > within the same domain as the restricted page. I believe that the
> > Browser insists on sending the same cached authentication
> > information to both and the firewall and secured site fight over it.
> > To test this theory, you might try using telnet to port 259 to
> > authenticate prior to starting up Netscape so the authentication is
> > not in Netscape's cache.
> > Bill
> >
> > Elias Aghnatios wrote:
> > >
> > > Hello all,
> > >
> > > I hope I am describing my problem properly. Sorry for the long
> > > description.
> > >
> > > Version: FireWall 3.0b
> > > Platform : Solaris 2.5.1
> > >
> > > Situation : I have remote clients coming in using SecureID tokens and
> > > Radius Authentication. Telnet is working properly. HTTP has got this
> > > particular problem: the users can browse the specified http server
> > > without any problems, they get authenticated by the Ace server using the
> > > SecureID tokens. However, if they try to access a restricted area on the
> > > http server requiring a login name and a password, they fail. The users
> > > have already been assigned appropriate credentials to access those
> > > areas. When accessing those areas they don't supply the Token password,
> > > they supply the user names for the web site.
> > > The error message logged is : reason Unknown user resource
> > > http://aaa.bbb.ccc.ddd:80/xxxxxxx/xxxxx
> > >
> > > I have also setup a URI Resource to match the web server and specified
> > > wild card: * in all fields and clicked all fields in the Match tab of
> > > the resource properties.
> > >
> > > Any ideas?
> > >
> > > Thanks a lot in advance for your help.
> > >
> > > ================================================================================
> > >      To unsubscribe from this mailing list, please see the instructions at
> > >                http://www.checkpoint.com/services/mailing.html
> > > ================================================================================

