Single sign-on (SSO) (site publishing)
If:
• your users will be accessing multiple web applications on your domain, and
• you have defined accounts centrally on an LDAP server (such as Microsoft Active Directory) or a RADIUS server,
you may want to configure single sign-on (SSO) with combined access control and authentication (called “site publishing” in the web UI) instead of configuring simple HTTP authentication rules. Unlike HTTP authentication rules, SSO does not require your users to authenticate each time they access a separate web application in your domain.
For example, if you configure HTML form authentication, when FortiWeb receives the first request, it returns an HTML authentication form.
FortiWeb forwards the client’s credentials in a query to the authentication server. Once the client is successfully authenticated, if you have configured FortiWeb to delegate, FortiWeb forwards the credentials to the web application. The server’s response is returned to the client. Until the session expires, subsequent requests from the client to the same or other web applications in the same domain do not require the client to authenticate again.
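The flow described above can be modelled in a few lines. This is an added illustration, not FortiWeb code or configuration: the `SsoGateway` class, the in-memory `DIRECTORY` standing in for the LDAP/RADIUS server, the `example.com` domain, the 1800-second timeout and the domain-scoped cookie are all assumptions chosen for the example.

```python
import hmac
import secrets
import time

# Constructed stand-in for the central LDAP/RADIUS account store (assumption).
DIRECTORY = {"alice": "correct horse"}
SSO_DOMAIN = "example.com"   # hypothetical SSO domain
SESSION_TTL = 1800           # hypothetical session timeout, in seconds


class SsoGateway:
    """Toy model of the gateway's decisions; not the product's implementation."""

    def __init__(self, clock=time.time):
        self._sessions = {}  # session id -> (user, expiry timestamp)
        self._clock = clock

    def _in_domain(self, host):
        # Exact match or a true subdomain; "evilexample.com" must not match.
        return host == SSO_DOMAIN or host.endswith("." + SSO_DOMAIN)

    def login(self, host, user, password):
        """Form submission: query the account store, then open a session."""
        stored = DIRECTORY.get(user, "")
        ok = user in DIRECTORY and hmac.compare_digest(
            stored.encode(), password.encode())
        if not (ok and self._in_domain(host)):
            return None
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = (user, self._clock() + SESSION_TTL)
        return sid

    def cookie(self, sid):
        # Assumption: the session travels in a cookie scoped to the SSO domain,
        # so the browser sends it to every published application under it.
        return f"sso={sid}; Domain={SSO_DOMAIN}; Path=/; Secure; HttpOnly"

    def handle(self, host, sid=None):
        """Decide what happens to a request for `host` carrying session `sid`."""
        if not self._in_domain(host):
            return "reject"
        entry = self._sessions.get(sid)
        if entry is None or self._clock() >= entry[1]:
            self._sessions.pop(sid, None)  # drop expired sessions
            return "login-form"            # first request, or session expired
        return "forward-as:" + entry[0]    # authenticated: pass to the web app
```

The model makes two properties of the design visible: a single session is honoured by every application under the domain, so the session timeout and the domain boundary check are the controls that limit how far one login reaches.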
You can use the SSO feature to replace your discontinued Microsoft Threat Management Gateway. With SSO enabled, you can use FortiWeb as a portal for multiple applications such as SharePoint, Outlook Web Application, Lync, and/or IIS. Users log in once to use any or all of those resources.
Note: If you do not want to apply SSO, but still want to publish multiple sites through the same server policy, apply the same steps, except do not enable SSO.