authetication override

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

authetication override

L4 Transporter

Why is it necessary to enter "generate cookie for authentication override and accept cookie for the authentication override on both the portal and gateway? I would think it would make more sense to select generate cookie for authentication override on the portal and accept cookie for the authentication override  on the gateway.

I am also not sure what you have to put authentication method on both the portal and the gateway.

1 accepted solution

Accepted Solutions

L7 Applicator

Hi @jdprovine

 

If you only need the cookie for a better user experience during one login, then it is enough if you only generate the cookie ond the portal and accept it on the gateway. 

If you have for example the requirement that a login should be valid for 7 days so that the user only has to log in again if he did not connect for 7 days, then I would also generate the cookies on the gateway. This way the cookie will also be renewed in case the portal is not available. Also because of that reason (portal not available) I would configure portal and gateway with the same authentication - to keep the authentication as you need it also in cases where a client (for whatever reason) skips the portal and connects to the gateway directly.

 

Hope this makes sense.

View solution in original post

6 REPLIES 6

L7 Applicator

Hi @jdprovine

 

If you only need the cookie for a better user experience during one login, then it is enough if you only generate the cookie ond the portal and accept it on the gateway. 

If you have for example the requirement that a login should be valid for 7 days so that the user only has to log in again if he did not connect for 7 days, then I would also generate the cookies on the gateway. This way the cookie will also be renewed in case the portal is not available. Also because of that reason (portal not available) I would configure portal and gateway with the same authentication - to keep the authentication as you need it also in cases where a client (for whatever reason) skips the portal and connects to the gateway directly.

 

Hope this makes sense.

L7 Applicator

Yes as per mr remo....

 

generate on portal and accept on gateway.

whatever auth you have on the portal, set same on the gateway.

cookie overide will prevent user having to authenticate again on gateway but needs to be there if portal is ever unavailablle

because client will use cached portal info and connect directly to the gateway(s) without a cookie. 

 

pretty much repeated what @Remo already stated but im gonna post anyhows...

 

 

@Mick_Ball @Remo

Yes just to make a better user experience so they don't have to log in twice and no I they would not be logged in for 7 days 

So it looks like generate cookie on the portal and accept onthe gateway is the best way to go for me. I have both radius and OTP set on both the portal and the gateway. I have both native clients and globalprotect clients using the VPN.

Bingo!

@Remo @Mick_Ball

 

I configured this and it worked just the way I wanted wooohooo

 

generate on portal and accept on gateway.

@jdprovine

 

Congratulations, you have earned a new badge...

 

newbadge.png

  • 1 accepted solution
  • 3164 Views
  • 6 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!