SecureAuth IdP Version affected: All versions
Description: With the latest version of SecureAuth (9.0.2), there are two Post Authentication methods used for certificate enrollment:
- Create PFX allows users to download a certificate directly onto their machine and import it into whichever certificate store their browser requires--see how here.
- Native Mode Cert Landing Page automatically downloads and imports a user certificate into the Microsoft certificate store--no user installation work required.
Native Mode Cert Landing Page is the easier of the two options for users, but it only functions for users who browse to the realm with Internet Explorer. Because of this, many customers like to have one version of each certificate-delivery realm for their users. The traffic to these realms can be regulated with IIS's URL Rewrite tool, which can route users based on the type of internet browser that they are using. This routing can be implemented by using either one, or both, of the rules below.
First, create two new, or configure existing, realms to serve as certificate enrollment realms.
Create PFX (iPhone + WM):
https://docs.secureauth.com/pages/viewpage.action?pageId=43975075
Native Mode Cert Landing Page:
https://docs.secureauth.com/display/90docs/Certificate+Enrollment+Workflow+Configuration
**For example purposes, SecureAuth20 is my Native Mode Cert Landing Page realm and SecureAuth21 is my Create PFX realm.
Rule #1: Re-route Internet Explorer users, visiting a Create PFX realm, to the appropriate Native Cert Landing Page realm.
Install Microsoft's URL Rewrite IIS tool if you haven't already.
- Open Internet Information Services Manager (IIS)
- From the left hand panel, in the manager window, expand the directory under your machine’s name.
- Expand Sites, Default Web Site and click on your Create PFX realm (e.g. SecureAuth21).
- Double click URL Rewrite.
- From the Actions panel, on the right-hand side, click Add Rule(s)...
- Select Blank rule under Inbound rules and click OK.
- Name the rule as desired, under Using select Wildcards, under Pattern input *
- From the Action type drop-down menu select Redirect, and enter the Native Cert Landing Page realm's URL (e.g. https://YourWebsiteName/secureauth20).
- Expand the Conditions menu and click Add.
- Under Condition input enter {HTTP_USER_AGENT}, from the Check if input string drop-down select Matches the Pattern, under Pattern input *MSIE* then click OK.
**This condition will redirect user traffic to the configured Redirect URL if the user's browser is Internet Explorer.
- Lastly, from the Actions panel on the right-hand side click Apply.
Rule #2: Re-route Chrome/Firefox users, visiting a Native Cert Landing Page realm, to the appropriate Create PFX realm.
Install Microsoft's URL Rewrite IIS tool if you haven't already.
- Open Internet Information Services Manager (IIS)
- From the left hand panel, in the manager window, expand the directory under your machine’s name.
- Expand Sites, Default Web Site and click on your Native Cert Landing Page realm (e.g. SecureAuth20).
- Double click URL Rewrite.
- From the Actions panel, on the right-hand side, click Add Rule(s)...
- Select Blank rule under Inbound rules and click OK.
- Name the rule as desired, under Using select Wildcards, under Pattern input *
- From the Action type drop-down menu select Redirect, and enter the Create PFX realm's URL (e.g. https://YourWebsiteName/secureauth21).
- Expand the Conditions menu, from the Logical grouping drop-down select Match Any, and click Add.
- Under Condition input enter {HTTP_USER_AGENT}, from the Check if input string drop-down select Matches the Pattern, under Pattern input *Firefox* then click OK.
- Repeat this step to add a condition for Chrome browsers with the Pattern *Chrome*
**These conditions will redirect user traffic to the configured Redirect URL if the user's browser is Firefox or Chrome.
- Lastly, from the Actions panel on the right-hand side click Apply.
These rules can be tested externally from the server by attempting to hit the realm pages with each browser.
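The two rules above, as IIS Manager would store them in each realm's web.config inside the existing <system.webServer> element. This is an added example, not taken from SecureAuth's documentation; the rule names are hypothetical, and the URLs are the article's own placeholders.

```xml
<!-- Added example; rule names are hypothetical ("Name the rule as desired"). -->

<!-- Rule #1: goes in the web.config of the Create PFX realm (SecureAuth21). -->
<rewrite>
  <rules>
    <rule name="IE to Native Mode Cert Landing Page" patternSyntax="Wildcard">
      <!-- Pattern * matches every request path in this realm -->
      <match url="*" />
      <conditions>
        <!-- Redirect only when the User-Agent contains MSIE -->
        <add input="{HTTP_USER_AGENT}" pattern="*MSIE*" />
      </conditions>
      <action type="Redirect" url="https://YourWebsiteName/secureauth20" />
    </rule>
  </rules>
</rewrite>

<!-- Rule #2: goes in the web.config of the Native Mode Cert Landing Page realm (SecureAuth20). -->
<rewrite>
  <rules>
    <rule name="Firefox and Chrome to Create PFX" patternSyntax="Wildcard">
      <match url="*" />
      <!-- MatchAny: either condition is enough to trigger the redirect -->
      <conditions logicalGrouping="MatchAny">
        <add input="{HTTP_USER_AGENT}" pattern="*Firefox*" />
        <add input="{HTTP_USER_AGENT}" pattern="*Chrome*" />
      </conditions>
      <action type="Redirect" url="https://YourWebsiteName/secureauth21" />
    </rule>
  </rules>
</rewrite>
```

The User-Agent header is supplied by the client, so these rules are a routing convenience rather than an access control. Internet Explorer 11 in its default mode sends Trident/7.0 and rv:11.0 without an MSIE token, so check the patterns against the browser versions your users actually run.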