User-id Credential Check TEST?

DeadBeef — Wed, 19 Aug 2020 19:42:38 GMT

I have everything configured following the documents I found online. I see from the user-id logs the BF is being exchanged with the FW. My users login using pre-win2000 id's. (LNameFI) Verified by monitoring the id's and IP's in User-id app. So now to try testing. Most sites today require a long ID. Usually your email address. I went to a site that would match my category setup in the firewall and created a new account. I then logged into the site using my creds. No alerts or warning messages. I actually have the category set to 'Continue'.

My thought is the pre-2000 login and my email address are not the same thing so no match. Can you direct User-ID Cred. to use an AD attribute? After all this setup I doubt I will catch many people using LNameFi as a login on the web. Or do I have a configuration issue and that's why it's not triggering. Please let me know what I should look at. Is it my config or just because the way we log into machines?

Re: User-id Credential Check TEST?

Chacko42 — Wed, 31 Mar 2021 14:12:02 GMT

The username in use shouldn't matter.

All submitted credentials, which are mapped via user-id to that ad-user will be checked against credential submission.

Another requirement is, that you have tls-decryption enabled - you can e.g. test this on the german train site db.de in the login area.

Works fine with me

topic Re: User-id Credential Check TEST? in General Topics

User-id Credential Check TEST?

Re: User-id Credential Check TEST?