Transparent Kerberos SSO Authentication
Identity Awareness can recognize Microsoft group membership data in the Kerberos tickets that are granted by any domain controller configured in SmartConsole. This solution is available for:
- Identity Agent for a Terminal Server
The Transparent Kerberos SSO Authentication feature is disabled by default.
- Connect to the command line on the Identity Awareness Gateway.
- On a VSX Gateway, go to the context of the Virtual System with the enabled Identity Awareness Software Blade.
  See the VSX Administration Guide for your version.
- Configure the Transparent Kerberos SSO Authentication.
Configure the Transparent Kerberos SSO Authentication
- To see if the feature is enabled or disabled, run:
  pdp auth fetch_by_sid status
- To enable the feature, run:
  pdp auth fetch_by_sid enable
- To disable the feature, run:
  pdp auth fetch_by_sid disable
Configure the Identity Client to support domains that are not configured in SmartConsole
- To see if the feature is enabled or disabled, run:
  pdp auth kerberos_any_domain status
- To enable the feature, run:
  pdp auth kerberos_any_domain enable
- To disable the feature, run:
  pdp auth kerberos_any_domain disable
Configure the Identity Client to send updated Kerberos tickets upon policy installation
By default, the Identity Client fetches and sends a Kerberos ticket to the Identity Awareness Gateway only during a re-authentication (based on the Identity Client settings).
You can force the Identity Client to send an updated Kerberos ticket when you install the Access Control Policy on the Identity Awareness Gateway.
- To see if the feature is enabled or disabled on the Identity Awareness Gateway, run:
  pdp auth reauth_agents_after_policy status
- To enable the feature, run:
  pdp auth reauth_agents_after_policy enable
- To disable the feature, run:
  pdp auth reauth_agents_after_policy disable
- Install the Access Control Policy on this Identity Awareness Gateway (Virtual System).