[THIN] Re: Restrict access to WI

  • From: "Evan Mann" <emann@xxxxxxxxxxxxxxxxxxxxx>
  • To: <thin@xxxxxxxxxxxxx>
  • Date: Mon, 10 Oct 2005 13:59:10 -0400

Just realized I'm going about this all wrong.  All I need to do is make
a webpage that is hit prior to hitting the access gateway.  This package
has NTFS security applied based on the AD group with which I want to
restrict uses.  If you can successfully log in to that page, it will just
redirect you to the Access Gateway where you can auth to that. Or, I can
possibly grab the username/password from the first login attempt, and
pass it to the WI.


> _____________________________________________ 
> From:         Evan Mann  
> Sent: Monday, October 10, 2005 11:18 AM
> To:   'thin@xxxxxxxxxxxxx'
> Subject:      Restrict access to WI
> 
> I have users accessing WI through an Access Gateway.  I have users on
> the domain who hit this using a domain name that is set in AD to
> resolve to an internal IP, and they are coming across VPNs.
> 
> When people leave my network, they are resolving to an external IP and
> hitting the same access gateway.
> 
> The Access Gateways are set up to require authentication, and then
> pass that through to WI for SSO.
> 
> I'm trying to come up with a way that I can restrict users' abilities
> to access the Citrix environment when off network, so I can prevent
> users from working from home.  I can't prevent access from certain
> IPs, because home IPs are dynamic, and some people will be given
> access to work from home.
> 
> Possibly some type of setup where they hit a website in front of the
> access gateway and it does a check based on the domain name used to
> access the site, references an AD security group, and forwards the
> request to the Access Gateway as necessary?    The issue this causes is
> the Access Gateway can only have 1 SSL certificate, so people working
> from home would have an SSL popup with a mismatched domain name and
> need to say YES, but I would be OK with that.
> 
> Would this work?  Is there some better way to do it?