SSO authentication Fail

From Secure Web Gateway
Revision as of 15:24, 2 May 2019 by en>Samidha12
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

Troubleshooting

If your configuration is exactly similar to How to and still your SSO authentication is failed

1.Make sureUser Name : administrator@safesquid.test (User name should be any user from AD having administrative permissions)

2.Monit service must be Up. Verify it using command :

root@sabproxy:~# pidof monit
19940

3.As soon as you Save policy by selecting NEGOTIATE_LDAP_AUTH 

kerberos.sh* script will automatically run from path /usr/local/safesquid/ui_root/cgi-bin

3.1.Verify below files at path:/usr/local/safesquid/security

HTTP.keytab
krb5.conf
krb.tkt

3.2.SafeSquid will create the stub zone for DNS resolution of your Active Directory server.

The file with stub zone will create with the name : safesquid.dns.conf

At path :/usr/local/safesquid/security/dns

Run command:  cat safesquid.dns.conf

zone safesquid.test {
 type stub;
 masters {192.168.221.1;};
 };

Also it will automatically copy at given path:/etc/bind/

Run command:  cat safesquid.dns.conf

zone safesquid.test {
 type stub;
 masters {192.168.221.1;};
 };

(Note: Monit service must be up)

If any one of above entry missing you have to repeat all the steps again.

First remove all the given files from above given path.

Start monit service and repeat all the steps and capture logs

'Command: 'tail -F /var/log/safesquid/native/safesquid.log

4.Go to Access Restriction > GLOBAL >> SSO: TRUE
5.ALLOW List : Policy with PAM: TRUE

6.Testing SSO Auth
6.1. Go to Windows machine which join in domain of AD e.g windows7.safesquid.test
6.2. Go to browser and set PROXY as : FQDN of proxy server (sabproxy.safesquid.test)
6.3. Access any website (Authentication prompt should not come)
6.4. Open extended logs

Commans : tail -F /var/log/safesquid/extended/extended.log
find <username>@<SAFESQUID.TEST>@ 192.168.221.212 ( IP addrees of Window machine which is in domain)