Enforce One Realm to Only Accept User Traffic from Another Realm

    Applies to:
  • Legacy SecureAuth IdP
    Deployment model:
  • On Premises
    SecureAuth IdP version affected: All versions

    Description: Some customers may want their end-users to authenticate successfully through one realm before they are allowed to reach another realm. Reasons for this could include additional methods of authentication, different user-group access permissions between realms, different data-store settings between realms, etc. This can be accomplished with Microsoft's IIS URL Rewrite tool.

    First, create a new realm, or configure an existing one, that will serve as the starting point for the other realm.
    **For example purposes, SecureAuth25 is my Starting realm and SecureAuth24 is my Second (final) realm.

    Configure the Starting realm as desired.
    - From the Post Authentication tab, set the Authenticated User Redirect drop-down menu to Use Custom Redirect.
    - In the Redirect To field, enter the full URL of the Second realm.

    Configure the Second realm as desired.
    **Optional: From the Overview tab, set the Restart Login URL to redirect to the Starting realm.

    Install Microsoft's URL Rewrite IIS tool if you haven't already.
    - Open Internet Information Services (IIS) Manager.
    - From the left-hand panel in the manager window, expand the node under your machine's name.
    - Expand Sites > Default Web Site and click on the Second realm (e.g. SecureAuth24).
    - Double-click URL Rewrite.

    - From the Actions panel on the right-hand side, click Add Rule(s)...
    - Select Blank rule under Inbound rules and click OK.
    - Name the rule as desired; under Using, select Wildcards; under Pattern, enter *
    - From the Action type drop-down menu select Redirect, and enter the Starting realm's URL.

    - Expand the Conditions menu and click Add.
    - Under Condition input, enter {HTTP_REFERER}; from the Check if input string drop-down, select Does Not Match the Pattern; under Pattern, enter the URL of your Starting realm with a wildcard (*) at the end, and click OK.

    **This condition redirects user traffic back to the Starting realm if a user attempts to hit the Second realm's URL without first authenticating through the Starting realm.

    - Again, expand the Conditions menu and click Add.
    - Under Condition input, enter {HTTP_REFERER}; from the Check if input string drop-down, select Does Not Match the Pattern; under Pattern, enter the URL of your Second realm with a wildcard (*) at the end, and click OK.

    **This condition prevents properly authenticated user traffic from being redirected back to the Starting realm as users move through the authentication and post-authentication workflows of the Second realm (those pages refer to each other, so their Referer is the Second realm itself).

    - Lastly, from the Actions panel on the right-hand side, click Apply.
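    When you click Apply, IIS Manager writes the rule into the web.config in the Second realm's physical directory. The fragment below is an added example of what that file ends up containing for the steps above; it is not taken from SecureAuth documentation or from an IIS-generated file. The host name idp.example.com and the realm paths /SecureAuth25/ and /SecureAuth24/ are placeholders, and the redirectType="Found" attribute is an addition to the steps above: without it URL Rewrite issues a 301, which browsers cache, so a user who later reaches the Second realm legitimately could still be bounced.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!-- web.config in the physical directory of the Second realm (assumed: SecureAuth24).
     Host name and realm paths are placeholders; replace them with your own. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Wildcard rule that matches every request to this realm -->
        <rule name="RequireStartingRealm" patternSyntax="Wildcard" stopProcessing="true">
          <match url="*" />
          <!-- MatchAll: the redirect fires only when BOTH conditions hold -->
          <conditions logicalGrouping="MatchAll">
            <!-- Condition 1: the Referer is NOT the Starting realm
                 (negate="true" is "Does Not Match the Pattern" in IIS Manager) -->
            <add input="{HTTP_REFERER}" pattern="https://idp.example.com/SecureAuth25/*" negate="true" />
            <!-- Condition 2: the Referer is NOT the Second realm itself, so its own
                 authentication and post-authentication pages are not bounced back -->
            <add input="{HTTP_REFERER}" pattern="https://idp.example.com/SecureAuth24/*" negate="true" />
          </conditions>
          <!-- Send the user to the Starting realm; 302 (Found) so the browser does not cache it -->
          <action type="Redirect" url="https://idp.example.com/SecureAuth25/" redirectType="Found" />
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

    To check the rule, request the Second realm with no Referer (`curl -sI https://idp.example.com/SecureAuth24/`) and expect a 302 whose Location is the Starting realm; repeat with `-e https://idp.example.com/SecureAuth25/` (curl's option for sending a Referer) and expect the realm page instead. Two points worth keeping in mind: {HTTP_REFERER} is empty when the browser omits the header (direct URL entry, or a Referrer-Policy or privacy setting that suppresses it), and an empty value fails both patterns, so such users are always sent to the Starting realm; and the Referer is supplied by the client, so this rule is a workflow guard rather than an authentication control, and the Second realm's own authentication settings remain the actual access control.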
