Kerberos SSO Authentication Setup

From Secure Web Gateway
Revision as of 12:36, 16 April 2021 by en>Deep.patne
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

          The main aim/objective of this particular authentication is that the user doesn’t have to enter its credentials the software will automatically detect from which user group does the user belong and will set the restrictions accordingly.

Overview

          After installation of  Windows Server and integrating AD with SafeSquid we need to configure the DNS settings in Windows Server. This document will give you the step by step instructions on how to configure DNS. After completing this we need to add the same credentials we used while setting up our DNS, into the Browser. Then we will be able to view the user group that we have created, in Developer Tools section in our Browser.

Prerequisite

 

Client Scenario

          Since we want to use FQDN proxy server and not the IP Address format we need to create a new host and assign a required domain name. For this we will go to the AD which we created named 'mann-ad.safesquid.' Create New host and stet it's name as 'sabproxy'. In the FQDN we will enter 'sabproxy.mann-ad.safesquid' and IP address as '192.168.56.101'. Now go to the Browser Settings, select Manual Proxy Configuration. Here we will enter HTTPS proxy as sabproxy.mann-ad.safesquid. Now we would be able to see all the created users in Network Tab in Developer Tools.

Procedure

Step 1: Configure the DNS settings:

 

If you want to achieve this then you will not be using the <IP address> : <port> format. We will be using the FQDN of the proxy server. In order to setup the DNS for the FQDN follow the following steps.

  1. Open the Server Manager in the Windows Server and click on tools in the top right corner of the Menu.
    RTENOTITLE
  2. Now select the DNS option.
    RTENOTITLE
    A window like this will appear.
    RTENOTITLE
  3. Click on Forward Lookup Zones.
    RTENOTITLE
  4. Select the AD which you created or Integrated with the safesquid in my case it is mann-ad.safequid.
    RTENOTITLE
  5. Right click on it and select New Host(A or AAAA).
    RTENOTITLE
  6. Now this is the most important step. For this step you need to know your domain name. To find it use hostname -f command in the safesquid machine. You will find your domain name over here. So domain name in my case is sabproxy.
    RTENOTITLE
  7. Enter the following credentials in the fields. Note: The IP address should be the IP of the SafeSquid machine.
    RTENOTITLE
  8. Click on Add Host. It will add the DNS host.
    RTENOTITLE

 

 

​​Step 2 : Configuring Settings in the Browser

 

  1. Now in order to use the proxy open the web browser and go to settings and search for proxy settings.
  2. Select the manual configuration option. Enter the FQDN which you just created in the step no 7 in the Proxy field and enter 8080 as the port number.
    Etsf.png
  3. ​​​​​​Click on Okay and restart the browser.

 

 

Output

  1. Now go to any website and right click on it and select on inspect element.
    Rcie.png
  2. Select the network option from the navigation menu.
    Rnon.png
  3. Reload the page and select any field.
    Rpsf.png
  4. You will see the usergroup which you have created.
    Ughc.png