Manual Chapter: Common Deployment Examples for Single Sign-On

Common use cases for Single Sign-On deployment

You can deploy Single Sign-On in a variety of ways, depending on your needs within your networking environment. Your deployment options include the following choices.

| Use case deployment type | Description |
| --- | --- |
| For local traffic pool members | Deploy SSO for local traffic with pool members. |
| For web application access over network access | Deploy SSO through a network access with layered virtual servers. |
| For web applications | Deploy SSO so users can access their web applications. You can assign an SSO object as part of the web application resource item, or assign the object at the access profile level instead. |

Task summary for configuring web application over network access tunnel for SSO

Access Policy Manager® lets you configure Single Sign-On for web application access over a network access tunnel.

To set up this configuration, follow the procedures in the task list.

Task List

Configuring network access for SSO with web applications

  1. On the Main tab, click Access Policy > Network Access. The Network Access List screen opens.
  2. Click the Create button. The New Resource screen opens.
  3. In the Name box, type a name for the resource. Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
  4. To configure the general properties for the network resource, click Properties on the menu bar.
  5. Configure your network client settings.
  6. Click the Finished button. The Network Access configuration screen opens, and you can configure the properties for the network access resource.

Configuring network access properties

  1. On the Main tab, click Access Policy > Network Access. The Network Access List screen opens.
  2. Click the name to select a network access resource on the Resource List. The Network Access editing screen opens.
    Note: This screen also opens immediately after you create a new network access resource.
  3. To configure the general properties for the network resource, click Properties on the menu bar.
  4. To configure DNS and hosts settings for the network access resource, click DNS/Hosts on the menu bar.
  5. To configure the drive mappings for the network access resource, click Drive Mappings on the menu bar.
  6. To configure applications to start for clients that establish a network access connection with this resource, click Launch Applications on the menu bar.

Configuring and managing the access profile using SSO

  1. On the Main tab, click Access Policy > Access Profiles. The Access Profiles List screen opens.
  2. Click Create. The New Profile screen opens.
  3. Type a name for the access profile. Names must begin with a letter, and can contain only letters, numbers, and the underscore (_) character.
  4. Ensure that the SSO Config setting specifies None, and leave all the other settings at their defaults.
  5. Click Finished.
  6. Click the name of the access profile for which you want to edit the access policy. The Access Profile properties screen opens for the profile you want to edit.
  7. On the menu bar, click Access Policy. The Access Policy screen opens.
  8. Click Edit Access Policy for Profile profile_name. The visual policy editor opens the access policy in a separate window or tab.
  9. Add your objects to the access policy.

Configuring an HTTP virtual server for the network access

Create a virtual server to which the network access associates your access policy.
  1. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen displays a list of existing virtual servers.
  2. Click the Create button. The New Virtual Server screen opens.
  3. In the Name field, type a unique name for the virtual server.
  4. For the Destination setting, in the Address field, type the IP address you want to use for the virtual server. The IP address you type must be available and not in the loopback network.
  5. From the SNAT Pool list, select Auto Map.
  6. In the Configuration area, specify both SSL Profile (Client) and SSL Profile (Server).
  7. Type a port number in the Service Port field, or select a service name from the Service Port list.
  8. From the Configuration list, select Advanced.
  9. In the Access Policy area, select the Access Profile you created.
  10. Click Finished.
Your users are now able to log on to Access Policy Manager and have full access to all their web services.
If you want to eliminate the need for users to enter their credentials multiple times to access each web service, you now need to configure a layered virtual server for each of your web services.

Configuring a layered virtual server for your web service

Create a layered virtual server for every web service that users access, to eliminate the need for them to enter their credentials multiple times.
  1. On the Main tab, click Access Policy > Access Profiles. The Access Profiles List screen opens.
  2. Create an access profile with a dummy default access policy.
  3. Configure the access profile with the appropriate access policy, for example, SSO Credential Mapping.
  4. Click Update.
  5. On the Main tab, click Local Traffic > Virtual Servers. The Virtual Server List screen displays a list of existing virtual servers.
  6. Select the layered virtual server you created for your web service. The General Properties screen opens.
  7. In the Configuration area for the VLAN and Tunnel Traffic setting, select All VLANS and Tunnels to ensure that the layered virtual server sends traffic from the network traffic to the network access tunnel interface.
  8. Associate the dummy access profile you created by selecting it from the Access Profile list.
  9. From the Configuration list, select Advanced, scroll down, and make sure that both the Address Translation and Port Translation settings remain cleared.
  10. Click Update. The users are now able to access multiple web services without having to enter their credentials multiple times.

Configuring portal access resources for SSO

You can assign an SSO object as part of the portal access resource item. If you do not configure an SSO object at that level, you can use the SSO object at the access profile level instead.
  1. On the Main tab, expand Access Policy, and click SSO Configurations. The SSO Config List screen opens.
  2. Click Create. The New SSO Configuration General Properties screen opens.
  3. From the SSO Method list, select an SSO method. Additional fields may appear based on your selection.
  4. Type a name for the SSO object.
  5. In the SSO Method Configuration area, specify all relevant parameters. Refer to the online help for specific information on each parameter.
  6. Click Finished.
  7. On the Main tab, click Access Policy > Access Profiles. The Access Profiles List screen opens.
  8. Click the name of the access profile for which you want to edit the access policy. The Access Profile properties screen opens for the profile you want to edit.
  9. From the SSO Configuration list, select the SSO configuration.
  10. Click Finished.