Creating Forms-Based Dynamic Single Sign-On Profiles
The Legacy Single Sign-On profile supports SSO authentication for applications such as OWA, Citrix XenApp, and Citrix XenDesktop. To overcome this limitation and support third-party applications such as Confluence, Jira, SonicWall Firewall, and so on, SMA has been enhanced to support the Dynamic Single Sign-On profile, which allows SSO authentication on any type of resource.
Many Web applications use dynamic forms-based authentication, in which the user enters a set of credentials into HTML form fields, and a session token is stored in a browser cookie. This type of authentication is popular because it is supported on any combination of browser and Web server. The other benefit is that you can customize the login page.
Use AMC to set up a single sign-on profile that will forward a user’s appliance credentials to a Web application that uses forms-based authentication.
If you want to use the Legacy Single Sign-On profile, you can still use it by modifying the following CEM property:
To create a forms-based dynamic single sign-on profile:
- In the AMC, navigate to System Configuration > Services.
- In the Access Services section, click the Configure link under Web proxy service.
  The Web Proxy Service page displays.
- Click the Dynamic Single Sign-On Profiles tab.
- Click the + (New) icon.
  The Dynamic Single Sign-On Profile page displays.
- Type a Name and Description, and then select the applicable application from the Application list. (To start from scratch and specify elements from a custom form, select Other.)
- In the Username input element field, enter the name or id of the input element that takes the username for logging in. The value submitted for this element is the same as what the user enters for VPN login.
  If the login form needs more than username/email and password, use the Additional Form Elements section to configure them.
  Do not configure the password element; it is detected automatically.
- In the Additional Form Elements section, click the + icon.
- In the Form Element field, enter the input element with which a user will interact.
- In the Map To This Value drop-down, select the value to which the form element is to be mapped.
- Click OK.
- In the Advanced section, in the Login/Submit button field, enter the name or id of the submit button that is used to submit the form.
  The Submit field is optional. When it is not configured, the button is detected automatically. Leave this field empty and update it only when auto-detection does not identify the button correctly.
- In the URLs of login page field, enter the relative URLs without host or IP address. Enter each URL on a separate line.
  The URLs of login page field is optional and can be left empty. Use it only when auto-detection of the login page fails.
- In the Login detection drop-down, select the detection option and enter the respective value.
  This setting identifies whether the user has successfully logged in after SSO. Choose 'Cookie' when the web resource responds with a session cookie, 'URL Redirection' when it redirects to a page, or 'Header' when it sets a response header.
- Select the Send credentials to client checkbox if the username/password is encoded or encrypted by the web application when submitting the login credentials.
- Unselect the Hide login page checkbox if user credentials need to be submitted without reloading the page.
- Click Save.
Assign this Dynamic Single Sign-On Profile to the appropriate Web Application Profile of a resource. When configured, the user's credentials are automatically sent to the back-end server when the user reaches the login page, and the user is logged in automatically.
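The profile asks for the name or id of the username element, any additional form elements, and optionally the submit button. The following added example (not SonicWall code) shows one way to read those values from a saved copy of an application's login page; the sample HTML, the class and function names, and the output keys are constructed for illustration.

```python
from html.parser import HTMLParser

# Constructed sample login page, not taken from any real application.
SAMPLE_LOGIN_HTML = """
<form id="login-form" action="/dologin.action" method="post">
  <input type="hidden" name="csrf_token" value="constructed">
  <input type="text" id="os_username" name="os_username">
  <input type="password" id="os_password" name="os_password">
  <select name="domain"><option>corp</option></select>
  <button type="submit" id="loginButton">Log in</button>
</form>
"""

class FormInspector(HTMLParser):
    """Records the interactive elements of every <form> on the page."""
    def __init__(self):
        super().__init__()
        self.forms, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._cur = {"fields": [], "submit": None}
            self.forms.append(self._cur)
        elif self._cur is not None and tag in ("input", "select", "textarea", "button"):
            default = {"input": "text", "button": "submit"}.get(tag, tag)
            kind = (a.get("type") or default).lower()
            ident = a.get("name") or a.get("id")  # the profile takes a name or an id
            if kind in ("submit", "image"):
                self._cur["submit"] = self._cur["submit"] or ident
            elif ident and kind not in ("button", "reset"):
                self._cur["fields"].append((kind, ident))

    def handle_endtag(self, tag):
        if tag == "form":
            self._cur = None

def profile_hints(html):
    """Suggest profile values from the first form that has a password input."""
    parser = FormInspector()
    parser.feed(html)
    for form in parser.forms:
        if not any(kind == "password" for kind, _ in form["fields"]):
            continue  # no password input, so not a login form
        # Hidden inputs are not user-facing; the password element is auto-detected.
        visible = [(k, n) for k, n in form["fields"] if k not in ("hidden", "password")]
        user = next((n for k, n in visible if k in ("text", "email")), None)
        return {"username_element": user,
                "additional_form_elements": [n for _, n in visible if n != user],
                "submit_button": form["submit"]}
    return None
```

Forms that are built by JavaScript at load time do not appear in saved HTML source; for those, read the element names from the browser's developer tools instead.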
For information on configuring SSO for a Web application that uses Windows NTLM or basic authentication, see Web Application Profiles.