Enforce One Realm to Only Accept User Traffic from Another Realm

SecureAuth IdP Version affected: All versions

Description: Some customers may want their end-users to successfully authenticate through one realm before they are allowed to reach another realm. Reasons for this could include: additional methods of authentication, different user-group-access permissions between realms, different data-store settings between realms, etc. This can be accomplished through the use of Microsoft's IIS URL Rewrite tool.

First, create a new realm, or configure an existing one, that will serve as the starting site for another realm.
**For example purposes, SecureAuth25 is my starting realm and SecureAuth24 is my final realm.

Configure the Starting realm as desired.
- From the Post Authentication tab, set the Authenticated User Redirect drop-down menu to Use Custom Redirect.
- In the Redirect To field, type in the ending URL to the second realm.




Configure the Second realm as desired.
**Optional: From the Overview tab, set the Restart Login URL to redirect to the Starting realm.




Install Microsoft's URL Rewrite IIS tool if you haven't already.
- Open Internet Information Services Manager (IIS)
- From the left hand panel, in the manager window, expand the directory under your machine’s name.
- Expand Sites > Default Web Site and click on the Second realm (e.g. SecureAuth24).
- Double click URL Rewrite.




- From the Actions panel, on the right-hand side, click Add Rule(s)...
- Select Blank rule under Inbound rules and click OK.
- Name the rule as desired. Under Using, select Wildcards. Under Pattern, input *
- From the Action type drop-down menu select Redirect, and enter the Starting realm's URL.

- Expand the Conditions menu and click Add.
- Under Condition input enter {HTTP_REFERER}, from the Check if input string drop-down select Does Not Match the Pattern, under Pattern input the URL to your Starting realm with a wildcard marker at the end, and click OK.

**This condition will redirect user traffic back to the Starting realm if they attempt to hit the Second realm's URL without first properly authenticating through the Starting realm.




- Again, expand the Conditions menu and click Add.
- Under Condition input enter {HTTP_REFERER}, from the Check if input string drop-down select Does Not Match the Pattern, under Pattern input the URL to your Second realm with a wildcard marker at the end, and click OK.

**This condition will prevent properly-authenticated user traffic from being redirected back to the Starting realm as they move through the authentication and post authentication workflows of the Second realm.




- Lastly, from the Actions panel on the right-hand side, click Apply.
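
For reference, the rule built in the steps above corresponds to a URL Rewrite section like the following in the Second realm's web.config. This is an added example, not taken from the original article or from SecureAuth: the host name idp.example.com and the rule name are placeholders, and only the rewrite section is shown, to be merged into the realm's existing `<system.webServer>` element.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is a placeholder. patternSyntax="Wildcard" is the
             "Using: Wildcards" choice and applies to the conditions too. -->
        <rule name="RequireStartingRealm" patternSyntax="Wildcard" stopProcessing="true">
          <!-- Pattern * : evaluate every request to the Second realm -->
          <match url="*" />
          <!-- MatchAll: redirect only when BOTH conditions are true -->
          <conditions logicalGrouping="MatchAll">
            <!-- "Does Not Match the Pattern" is written as negate="true".
                 Condition 1: the request did not come from the Starting realm
                 (SecureAuth25 in the article's example). -->
            <add input="{HTTP_REFERER}"
                 pattern="https://idp.example.com/SecureAuth25/*"
                 negate="true" />
            <!-- Condition 2: the request did not come from a page of the
                 Second realm itself (SecureAuth24), so its own login and
                 post-authentication pages are not redirected. -->
            <add input="{HTTP_REFERER}"
                 pattern="https://idp.example.com/SecureAuth24/*"
                 negate="true" />
          </conditions>
          <!-- Send everything else back to the Starting realm. The redirect
               type is left at its default because the article does not set one. -->
          <action type="Redirect" url="https://idp.example.com/SecureAuth25/" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

Because both conditions are negated and grouped with MatchAll, a request that carries no Referer header at all also satisfies them and is redirected to the Starting realm. The Referer header is supplied by the client, so this rule steers normal browser traffic and sits in front of the Second realm's own authentication settings rather than replacing them.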
