-
-
Configure application authentication, authorization, and auditing
-
-
Advanced Policy Expressions: Working with Dates, Times, and Numbers
-
Advanced Policy Expressions: Parsing HTTP, TCP, and UDP Data
-
Advanced Policy Expressions: IP and MAC Addresses, Throughput, VLAN IDs
-
-
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Configure application authentication, authorization, and auditing
You can configure Authentication, Authorization, and Auditing (AAA) for the applications that you configure on the appliance. An authentication policy that is configured for an application defines the type of authentication to apply when a user or group attempts to access the application. If external authentication is used, the policy also specifies the external authentication server. Authorization policies configured for an application specify whether a particular user or group can access the application. Auditing policies define the audit log type, the level at which logging is performed, and other audit server settings. Authentication and auditing policies use the classic policy format.
Authentication policies, authorization policies, and auditing policies can be configured in any order. However, before you configure AAA for an application, you must configure a public endpoint for the application.
Configuring authentication for an application involves specifying an authentication FQDN, an authentication virtual server, a server certificate, and authentication and session policies. Authentication policies are automatically bound to the authentication virtual server specified for the application.
To configure authentication for an AppExpert application:
- Navigate to AppExpert > Applications.
- In the details pane, do one of the following:
- Click Add to add an authentication for a new application.
- Click Edit to modify an existing application.
- In the Applications page, select an Application Unit.
- In the Application Unit slider page, click Authentication from the Advanced Settings section.
- In the Authentication section, select the authentication type as follows:
- Form based authentication
- 401 based authentication
- None
- Click OK and then click Done.
Configure application authorization
You can configure authorization for users and groups to enable then to access an AppExpert application. If the AAA user or group for which you want to configure permissions has not already been created, you can create it from AppExpert and then configure permissions for application access.
To configure permissions for a AAA user or group to access an AppExpert application:
- Navigate to AppExpert > Applications.
- In the details pane, click the AppExpert application for which you want to configure a user or group access.
- In the Applications page, and then click Authorization. from the Advanced Settings section.
- Do one of the following:
-
If the AAA user or group for which you want to configure permissions are already in the Groups/Users tree, drag the user or group from the Groups/Users tree to the Users or Groups node in the application tree. Then, right-click the user or group and click Allow.
-
If the AAA user or group for which you want to configure permissions is not configured on the appliance, in the application tree, right-click Users or Groups, and then click Add. In the Create AAA Group or Create AAA User dialog box, fill in the values, click Create, and then click Close.
The user or group is created with the permission set to Allow. To change the permission setting, right-click the group or user, and then click the permission setting.
-
- Click Done and then click Close.
Configure application auditing
When you configure auditing policies for an application, you must specify the server to which the log messages must be directed, the format of the messages logged, and the log level. Optionally, you can configure other settings, such as the log facility and date format. Auditing policies are automatically bound to all the AppExpert application’s public endpoints.
To configure auditing policies for an application:
- Navigate to AppExpert > Applications.
- In the details pane, click the application for which you want to configure auditing policies.
- In the Application Unit slider page, click + icon in the Policies section to configure the auditing policies.
- In the Policies slider page, select policy type as Syslog auditing or Nslog auditing and click Continue.
- In the Policy binding section, set the following parameters.
-
Select a policy for binding. If you do not have a policy for binding. click + to create a new policy.
-
To create a new auditing policy, under Policy Name, click New Policy, and then, in the Policy page do the following:
- In the Name box, type a name for the policy.
- The Name box already contains the string that is required at the beginning of the server name. You cannot modify the string.
- From the Auditing Type list, select the auditing type (either SYSLOG or NSLOG).
- If the audit server you want to specify is already listed in the Server list, select the server from the list, and then, if you want to modify the server settings, click Modify. In the Configure Auditing Server dialog box, modify the settings as appropriate, and then click OK. For more information about the settings in the Configure Auditing Server dialog box, see Auditing Authenticated Sessions.
- If you want to configure a new audit server, click New, and then, in the Create Auditing Server dialog box, type a name for the server, specify the server IP address, port number, and other settings as appropriate. When finished, click OK.
- Click Create.
-
To change the priorities for the new auditing policies you created, under Priority, for each policy for which you want to change the priority, double-click the priority value and type new priority value.
-
To regenerate priorities, click Regenerate Priorities.
-
To unbind a policy, click the policy, and then click Unbind Policy.
-
To modify a policy, click the policy, and then click Modify Policy.
-
- Click Apply Changes, and then click Close.
Disabling AAA for an Application
After you configure AAA for an application, you can disable the AAA configuration for that application. When you disable AAA for an application, the configuration is not lost. You can enable AAA for the application when you want to reapply the configuration.
To enable or disable AAA for an application:
- Navigate to AppExpert > Applications.
- In the details pane, click the application for which you want to enable or disable AAA, and then do one of the following:
- To disable AAA for the application, click Turn Off AAA.
- To enable AAA for the application, click Turn On AAA.
Share
Share
This Preview product documentation is Cloud Software Group Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Cloud Software Group Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Cloud Software Group product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.