Security

Reply
New Contributor

ClearPass and integrated Windows authentication (IWA)

Hi fellow Airheads

 

Does anybody know if ClearPass can be used with integrated Windows authentication?https://en.wikipedia.org/wiki/Integrated_Windows_Authentication

 

My idea is to have Policy Manager, Onboard and Guest Operators/Admins login to their respective admin-Websites on Clearpass using integrated Windows authentication against AD.

 

"Normal" AD integration is not the problem. This works fine using the standard Username and Passowrd login forms. Thats how we do today.

 

I would like to have users being automatically authenticated using the current users Windows session (Kerberos/NTLM et al) against AD; the same way this is being done with other Windows/Microsoft oriented Web-Sites -Applications.

 

Suuuuuper cool would be if this would work for SAML! Specially in cases where ClearPass acts as IDP. Then, our employess would not have to "manually" authenticate against ClearPass IDP but be authenticated automatically within their respective SAML oriented applications...

 

Is this possible? Has anybody already done this?

 

Thanks in advance for any input!

Guru Elite

Re: ClearPass and integrated Windows authentication (IWA)

ClearPass already supports SAML both as a service provider and identitiy provider.

If your SAML IdP supports WIA, then you're good to go.

Just my 2c: automatically logging in users to a security product seems like a bad idea.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
New Contributor

Re: ClearPass and integrated Windows authentication (IWA)

Hi Cappalli

On 2nd thought you might be right about it being a bad idea to let users logon to security systems using WIA... :-)

About SAML and WIA. What if I want to use ClearPas as IdP? Does the Clearpass IdP Service provide WIA functionality? Do you have any pointers to Configuration guidance regarding this feature (docs about WIA with Clearpass as IdP, not docs about Clearpass as IdP in general)...?
Guru Elite

Re: ClearPass and integrated Windows authentication (IWA)

No we don't support it in our IdP as it's a legacy technology. You'd need to use something like ADFS as your IdP.

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: