Security


Forum to discuss Enterprise security using HPE Aruba Networking NAC solutions (ClearPass), Introspect, VIA, 360 Security Exchange, Extensions, and Policy Enforcement Firewall (PEF).

ClearPass and integrated Windows authentication (IWA)

  • 1.  ClearPass and integrated Windows authentication (IWA)

    Posted Oct 04, 2017 02:26 AM

    Hi fellow Airheads

    Does anybody know if ClearPass can be used with integrated Windows authentication? https://en.wikipedia.org/wiki/Integrated_Windows_Authentication

    My idea is to have Policy Manager, Onboard and Guest Operators/Admins log in to their respective admin websites on ClearPass using integrated Windows authentication against AD.

    "Normal" AD integration is not the problem. This works fine using the standard Username and Password login forms. That's how we do it today.

    I would like to have users being automatically authenticated using the current user's Windows session (Kerberos/NTLM et al) against AD; the same way this is being done with other Windows/Microsoft-oriented web sites and applications.

    Suuuuuper cool would be if this would work for SAML! Especially in cases where ClearPass acts as IDP. Then, our employees would not have to "manually" authenticate against ClearPass IDP but be authenticated automatically within their respective SAML oriented applications...

    Is this possible? Has anybody already done this?

    Thanks in advance for any input!



  • 2.  RE: ClearPass and integrated Windows authentication (IWA)

    EMPLOYEE
    Posted Oct 04, 2017 07:44 AM
    ClearPass already supports SAML both as a service provider and identity provider.

    If your SAML IdP supports WIA, then you're good to go.

    Just my 2c: automatically logging in users to a security product seems like a bad idea.


  • 3.  RE: ClearPass and integrated Windows authentication (IWA)

    Posted Oct 04, 2017 07:51 AM
    Hi Cappalli

    On 2nd thought you might be right about it being a bad idea to let users log on to security systems using WIA... :-)

    About SAML and WIA. What if I want to use ClearPass as IdP? Does the ClearPass IdP Service provide WIA functionality? Do you have any pointers to configuration guidance regarding this feature (docs about WIA with ClearPass as IdP, not docs about ClearPass as IdP in general)...?


  • 4.  RE: ClearPass and integrated Windows authentication (IWA)

    EMPLOYEE
    Posted Oct 04, 2017 07:54 AM
    No, we don't support it in our IdP as it's a legacy technology. You'd need to use something like ADFS as your IdP.