Vanja <[EMAIL PROTECTED]> queried the List:
>I would like to know if there is someone out there having following
>things in the network:
>
>- Firewall-1 (VPN, running on Sparc Solaris 2.7)
>- ACE/Server (SecurID)
>- Platunim SSO (Single Sign-On)
>
>Now... I know that FW-1 will work w/ SecurID. Also, Platinum SSO will
>work with SecurID. But when someone is coming from the outside
>(internet), will (s)he need to authenticate once or twice? Scenario...
You will have to authenticate twice in this scenario - ie. no out of
the
box functionality.
You could potentially design a plug-in that would pass the FW-1
authentication along to the SSO server or a shim that allowed
FW-1 to proxy authentications to SSO server. I'm not aware of anyone
who has done this, but that's not to say it hasn't been done. You might
check with RSA Professional Services to see if they've done any custom
work in this area.
Sorry for the delay responding. Flu season here Stateside;-0
Suerte,
_Vin
>
>I dial to my ISP. Next, I authenticate to FW-1 (using SecuRemote) with
>SecurID. Will ACE/Server be able to immediately authenticate me to (for
>example) the NT domain by talking to the SSO server, or I will need to
>authenticate twice? Once at the FW-1, and once at the SSO server.
>
>Also, I've noticed that SecuRemote client for NT (V4, build 4118) does
>have an SSO option in the menu, while Windows 95/98 version does not. Is
>it some mistake in the setup of SecuRemote, or Win95/98 version doesn't
>support it? Does anybody use SecuRemote with SSO option?
>
>Thanks in advance.
>
>Vanja
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
