Multiple authentication profiles for GP portal and gateway?

Reply
Highlighted
L2 Linker

Multiple authentication profiles for GP portal and gateway?

Hi,

 

I am using LDAP authentication profile for GP Portal and Gateway authentication. The problem is when the LDAP server is down I can not log in. So I want to use two authentication profiles. One for LDAP backend and one for local authentication. As you see in the attached screenshot, I added them to GP portal settings. The problem is I can not use two of them. LDAP backed account is "test@domain.com". Local account is "test-local". If the LDAP profile is on top in Portal settings, LDAP authentication works and I can login with "test@domain.com". But if I try to login with "test-local" it fails with error log:

 

"failed authentication for user 'test-local'. Reason: User is not in allowlist auth profile 'LDAP-Admin-Users', vsys 'vsys1', From: xxx.xxx.xxx.xxx.

 

As you can see it tries to authenticate local user against LDAP profile and fails. It does not try to authenticate it against local profile.

 

So why can we set multiple authenticatin profiles in GP Portal settings? What is the purpose of it if it only uses first one? Or how can I achive what I need?

 

Thanks,

 

Rahman

 

 

panos-gp-portal.PNG


Accepted Solutions
Highlighted
L2 Linker

Re: Multiple authentication profiles for GP portal and gateway?

Well, after digging the documentation I think I found what I want; "Auhtentication sequence". So with creating authentication sequence that includes both local and ldap profiles then using this sequence in GP Portal, I solved my problem. I still don't understand the purpose of adding multiple profiles directly to Portal settings btw.

 

Thanks,

 

Rahman 

View solution in original post


All Replies
Highlighted
L2 Linker

Re: Multiple authentication profiles for GP portal and gateway?

Well, after digging the documentation I think I found what I want; "Auhtentication sequence". So with creating authentication sequence that includes both local and ldap profiles then using this sequence in GP Portal, I solved my problem. I still don't understand the purpose of adding multiple profiles directly to Portal settings btw.

 

Thanks,

 

Rahman 

View solution in original post

Highlighted
L2 Linker

Re: Multiple authentication profiles for GP portal and gateway?

In addition to distinguishing a client authentication configuration by an OS, you can further differentiate by specifying an authentication profile. (You can create a New Authentication Profile or select an existing one.) To configure multiple authentication options for an OS, you can create multiple client authentication profiles.

 

authentication sequence profile which you have tried is the proper solution for your requirement.

 

Multiple authentication profile we use to create multiple authentication profile with different OS type.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!