This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

How to solve the Administrator Certificate-Based Authentication with issue of Redirection to prompt the username and password

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

How to solve the Administrator Certificate-Based Authentication with issue of Redirection to prompt the username and password

rmeddane
L2 Linker

‎01-02-2024 12:39 AM

The Certificate-Based Authentication for administrators to access the firewall through the web interface transparently authenticates the admin with a client certificate instead of prompting and entering manually the username and password.

 

The Client Certificate must be generated and signed either by the built-in CA of the Firewall or an Enterprise CA. The Common Name that you enter in the CSR should be the username of the Admin and the same username should be also created in the firewall as non-local database account with the option "Use only client certificate authentication (Web)" checked.

 

6.png

 

The Certificate Profile that defines which CA's certificate the firewall will use to verify the Client Certificate. This certificate profile contains the option "Username Field", In this field you need to select the option "Subject" to instruct the firewall to use the Common Name defined in the client certificate as the username when authenticating through the Web Interface.

 

Without specifiying the Username Field in the Certificate Profile, the Admin will be redirected to enter a username and password as shown below because the firewall  is unable to find which field in the client certificate it must use to authenticate the adming, and this is not the goal of using Administrator Certificate-Based Authentication.

 

3.png

 

1.png

 

2.png

 

To fix this, specify the Username Field to be the Common Name or the Subject Alternative Name.

 

4.png

 

5.png

 

0 Likes Likes
1 REPLY 1

C.Muniraju
L0 Member

‎10-01-2024 12:48 AM

Is there any option to customize a response page for admins who does not have certificates, 
we are getting error 400 bad request, we are expecting response like access denied 

0 Likes Likes
  • 964 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks