Skip to content
SSO Improvements
Suggestions/comments/criticisms are welcome here
I am implementing SAML/SSO for our VPNs and have the following suggestions.
1. Use the CA provided for the VPN connection as a valid CA for the SSO login page. We generate our own certificate authorities for everything internal and would like to see the cert warnings absent in the login popup.
2. Update the Viscosity client to 2.5.5+ to support WEB_AUTH in lieu of OPEN_URL
-Lance
1. Use the CA provided for the VPN connection as a valid CA for the SSO login page. We generate our own certificate authorities for everything internal and would like to see the cert warnings absent in the login popup.
2. Update the Viscosity client to 2.5.5+ to support WEB_AUTH in lieu of OPEN_URL
-Lance
Hi Lance,
Thanks for your feedback!
Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this, however it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>
Cheers,
James
Thanks for your feedback!
Viscosity actually supports a "Web CA" file, which can be optionally used to validate the SSO/SAML login webpage. There is no GUI option in the editor for this, however it can be specified using either the "web-ca" command (with a path to the Web CA file as the parameter), or inside the configuration file using OpenVPN's inline file syntax: <web-ca>PEM Data</web-ca>
Cheers,
James
Web: https://www.sparklabs.com
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
Support: https://www.sparklabs.com/support
Twitter: https://twitter.com/sparklabs
2 posts
Page 1 of 1