Specifications

ManualsBrandsADTRAN ManualsComputer equipmentBlueSecure Controller

131

132

133

134

135

136

137

138

139

140

Pubcookie Authentication

BlueSecure™ Controller Setup and Administration Guide 6-29

5. Key server address: Enter the Pubcookie key server IP address.

6. Port: Enter port on which the Pubcookie key server is communicating.

The default value is 2222.

7. BSC SSL client certificate: Select the digital certificate to use to validate cookies from

the login server from the drop-down menu.

8. Trusted CA certificates: Add the trusted certificate authority certificate(s) the BSC is to

use from the Available CA certificates list.

)

Note: See “Digital Certificates” on page 10-20 for information about uploading

digital certificates to the BSC.

Accounting To enable RADIUS accounting for this server, select the name of the external RADIUS

accounting server from the Accounting server drop-down list.

See “RADIUS Accounting” on page 7-1 to configure a new RADIUS accounting server for

selection in the drop-down list.

Alternatively, you can select the Create… option to open a window that enables you to

configure a new RADIUS accounting server. After you save the server information, you

are returned to the New Pubcookie server page where you can select the RADIUS

accounting server from the drop-down list.

Mapping

Pubcookie

attributes to

roles

1. Define the rules to determine if the user is authenticated.For each rule:

a) Enter the appropriate Pubcookie attribute in the Attribute field.

b) Select the appropriate logic operator (equal to, not equal to, starts with, ends

with, contains, or [is a role]) from the Logic drop-down list.

c) Enter the appropriate value to check against the specified attribute in the Value

field.

d) Select the role to assign to the user if the rule evaluates as true and the user is

authenticated from the Role drop-down list.

See “Defining User Roles to Enforce Network Usage Policies” on page 8-2 to

define a new role available for selection in the drop-down list.

Alternatively, you can select the Create New… option to open a window that

enables you to define a new role. After you save the role information, you are

returned to the New Pubcookie server page where you can select the role from

the drop-down list.

2. Optional. Use the commands included in the Row Management drop-down list to

change the order of rules, add new blank rules, clear rule data, or delete a rule, etc.

Remember, the BSC evaluates rules in the order in which they are listed here on the

New Pubcookie server page.

3. Select the default user role from the Default role drop-down list. The selected default

role is the role the BSC assigns the user if none of rules is true.

Alternatively, select an LDAP/Active Directory authentication server from the Using

LDAP/Active Directory Server drop-down list to resume rules checking using the rules

configured for the selected LDAP/Active Directory authentication server.

Location Optional. Specify the user location from which the Pubcookie authentication request must

originate by selecting a defined user location from the drop-down menu. If a user location

is specified, the authentication request will not be attempted if the request does not come

from that location.

Notes Optional. Enter a meaningful description for the external Pubcookie authentication server.

Saving the

settings

Click Save to store the information to the BSC database or Save and create another to

continue to define external Kerberos authentication servers.