9.0 Configuring Authentication for ESP-Enabled Novell SSL VPN

If you installed the ESP-enabled Novell® SSL VPN, then an Embedded Service Provider component was installed along with the SSL VPN server during the installation. You must now configure the Embedded Service Provider in order to establish a trust relationship between the Identity Server and the Embedded Service Provider.

NOTE: If you have installed the traditional SSL VPN, refer to Section 10.0, Accelerating the Traditional Novell SSL VPN.

  1. In the Administration Console, click Devices > SSL VPNs > Edit.

    The Server configuration page is displayed.

  2. Select Authentication Configuration from the Basic Gateway Configuration section.

    The SSL VPN Embedded Service Provider Configuration page is displayed.

  3. Fill in the following fields:

    Identity Server Cluster: Specifies the Identity Server cluster that you want the Access Gateway to trust for authentication. Select the configuration you have assigned to the Identity Server.

    Authentication Contract: Specifies the type of contract, which determines the information a user must supply for authentication. By default, you can select from the following authentication contracts:

    • Any Contract: If the user has already authenticated, accepts any contract defined for the Identity Server as valid. If the user has not authenticated, prompts the user to authenticate using the default contract assigned to the Identity Server configuration.

    • Name/Password - Basic: Specifies basic authentication over HTTP, using a standard login pop-up provided by the Web browser.

    • Name/Password - Form: Specifies a form-based authentication over HTTP, using the Access Manager login form.

    • Secure Name/Password - Basic: Specifies basic authentication over HTTPS, using a standard login pop-up provided by the Web browser.

    • Secure Name/Password - Form: Specifies a form-based authentication over HTTPS, using the Access Manager login form.

    Embedded Service Provider Base URL: The application path for the Embedded Service Provider. This URL has the following constituents:

    • Protocol: Specifies the communication protocol. Specify HTTPS in order to run securely in SSL mode. Use HTTP only if you do not require security.

    • Domain: The DNS name used to access the SSL VPN server. Using an IP address is not recommended.

    • Port: Specifies the port values for the protocol. The port is 8080 for HTTP or 8443 for HTTPS. If you want to use port 80 or 433, specify the port here, then configure the operating system to translate the port.

    Application: Specifies the SSL VPN server application path.

    Redirect Requests from Non-Secure Port to Secure Port: Select this option to redirect browsers to the secure port in order to establish an SSL connection. If this option is not selected, browsers that connect to the non-secure port are denied service.

    SSL VPN Certificate: Configure a certificate for SSL. You can click the icon to select a certificate. If you have installed the Identity Server and the SSL VPN server on the same machine, then the same certificate is used for both services.

    Embedded Service Provider Certificate: Configure a certificate for the Embedded Service Provider to communicate with the Identity Server. You can click the icon to select a certificate.

    The following URLs are displayed when the Published DNS name is populated:

    • Login URL: Displays the URL that you need to use for logging users in to the protected resources.

    • Logout URL: Displays the URL that you need to use for logging users out of protected resources.

    • Metadata URL: Displays the location of the metadata.

    • Health Check URL: Displays the location of the health check.

  4. Restart the Tomcat server when prompted.

  5. To save your modifications, click OK, then click Update on the Configuration page.

  6. Click Update on the Identity Server Configuration page.

  7. (Optional) Proceed with Section 11.0, Configuring the IP Address, Port, and NAT, if you have not already configured the SSL VPN server details.
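
The following added example (not part of the Novell documentation or product) checks a candidate Embedded Service Provider Base URL against the Protocol, Domain, and Port guidance in Step 3 before you enter it. The function name `check_base_url` and the sample host names are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Default ports stated in Step 3 for each protocol.
DEFAULT_PORTS = {"http": 8080, "https": 8443}


def check_base_url(url):
    """Return a list of findings for a Base URL; an empty list means none."""
    findings = []
    parts = urlsplit(url)
    scheme = parts.scheme.lower()

    if scheme not in DEFAULT_PORTS:
        return [f"unsupported protocol {parts.scheme!r}: expected HTTP or HTTPS"]
    if scheme == "http":
        findings.append("protocol is HTTP: traffic is not protected by SSL")

    host = parts.hostname
    if not host:
        findings.append("no domain given")
    else:
        try:
            ipaddress.ip_address(host)
            findings.append("domain is an IP address: use the DNS name instead")
        except ValueError:
            pass  # not an IP literal, so it is treated as a DNS name

    try:
        port = parts.port  # raises ValueError if non-numeric or out of range
    except ValueError:
        return findings + ["port is not a valid number"]
    default = DEFAULT_PORTS[scheme]
    if port is None:
        findings.append(f"no port given: the default for {scheme.upper()} is {default}")
    elif port != default:
        findings.append(f"port {port} is not the default {default}: "
                        "the operating system must translate this port")
    return findings


# Constructed sample values, not taken from a real deployment.
SAMPLES = [
    "https://sslvpn.example.com:8443",
    "http://192.0.2.10:8080",
    "https://sslvpn.example.com:443",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample, check_base_url(sample) or "ok")
```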