Forum Discussion

Antonio_Macia_R
May 20, 2016

APM: On demand VPN and SSO

Hello,

 

We are trying to set up SSO for the on-demand VPN connections coming from iOS devices running the Edge Client and can't make it work. The user's credentials are stored in the Edge Client and the SSO profile configured works for full tunnel VPNs, so the SSO configuration is OK. However, when the VPN connection is on demand, the credentials are not sent. I enabled the debug logging for SSO and Access Policy and, while I can see the WebSSO daemon running for full tunnel connections, for on-demand VPN the daemon is not aware of the credentials request. We use Kerberos as the authentication protocol. The virtual server where the on-demand VPNs connect has the same working SSO profile used for full tunnel.

 

Does SSO work in conjunction with on-demand VPN? What am I missing?

 

Thanks in advance.

 

  • Hello Antonio, are you using on-demand VPN with an MDM solution? In this case the user authentication is dictated by the MDM profile, from what I have seen with AirWatch. Is that your case?

     

  • What if I desperately need to use an iOS application that doesn't support modern authentication? For instance, we need to use a WebDAV file store using something like GoodReader, but security policy requires Cert Based Auth.

    Is there a way to trigger on-demand VPN (SOCKS5 or SSL-VPN) and have it perform SSO on behalf of the user? SharePoint is the target WebDAV source, so I'm concerned about the STS aspect once logged in.

    Or perhaps a better way?

     

    Thank You!