3. Access Control Overview
• TheWAF can authenticateusersusingexternalauthenticationservices
• Authenticationcanbeimplemented onlyforHTTPorHTTPSservice
• Avalidated userhas accessdependingon hisauthorization privileges
Tommy
Username
Password
tommy
********
Submit
WAF
Authentication
Authorization
Service Web Server
login_page.html Authentication Server
• 5 – Access Control
4. Access Control Configuration Steps
1. Configure anAuthenticationDatabase
a. External
b. Internal
2. AssociatetheAuthenticationDatabasetoyourService
3. Configure theAuthorization Policyforyour Service
2 3 1b1a
• 5 – Access Control
6. Multi-domain Authentication
• Allows the configurationof multiple domains fora service
• Loginformat: domainusername
• Userswithoutdomain are authenticatedagainstthe default domain
• 5 – Access Control
WAF
Service
jupiterjohn
plutotommy
Tommy
Jupiter Domain
Pluto Domain
John
7. Access Control
• ACCESSCONTROL> AuthenticationServices
• Configure anLDAPserver
• ACCESSCONTROL > Authentication
• Bindtheconfigured LDAPserver withaservice
• ACCESSCONTROL > Authorization
• Createanauthorizationpolicy
• 5 – Access Control
Live Demo