Multiple authentication profiles for GP portal and gateway?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Multiple authentication profiles for GP portal and gateway?

L2 Linker

Hi,

 

I am using LDAP authentication profile for GP Portal and Gateway authentication. The problem is when the LDAP server is down I can not log in. So I want to use two authentication profiles. One for LDAP backend and one for local authentication. As you see in the attached screenshot, I added them to GP portal settings. The problem is I can not use two of them. LDAP backed account is "test@domain.com". Local account is "test-local". If the LDAP profile is on top in Portal settings, LDAP authentication works and I can login with "test@domain.com". But if I try to login with "test-local" it fails with error log:

 

"failed authentication for user 'test-local'. Reason: User is not in allowlist auth profile 'LDAP-Admin-Users', vsys 'vsys1', From: xxx.xxx.xxx.xxx.

 

As you can see it tries to authenticate local user against LDAP profile and fails. It does not try to authenticate it against local profile.

 

So why can we set multiple authenticatin profiles in GP Portal settings? What is the purpose of it if it only uses first one? Or how can I achive what I need?

 

Thanks,

 

Rahman

 

 

panos-gp-portal.PNG

1 accepted solution

Accepted Solutions

L2 Linker

Well, after digging the documentation I think I found what I want; "Auhtentication sequence". So with creating authentication sequence that includes both local and ldap profiles then using this sequence in GP Portal, I solved my problem. I still don't understand the purpose of adding multiple profiles directly to Portal settings btw.

 

Thanks,

 

Rahman 

View solution in original post

2 REPLIES 2

L2 Linker

Well, after digging the documentation I think I found what I want; "Auhtentication sequence". So with creating authentication sequence that includes both local and ldap profiles then using this sequence in GP Portal, I solved my problem. I still don't understand the purpose of adding multiple profiles directly to Portal settings btw.

 

Thanks,

 

Rahman 

In addition to distinguishing a client authentication configuration by an OS, you can further differentiate by specifying an authentication profile. (You can create a New Authentication Profile or select an existing one.) To configure multiple authentication options for an OS, you can create multiple client authentication profiles.

 

authentication sequence profile which you have tried is the proper solution for your requirement.

 

Multiple authentication profile we use to create multiple authentication profile with different OS type.

  • 1 accepted solution
  • 6724 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!