HTTP

This chapter contains an example of a basic Fudo PAM configuration, to monitor HTTP access to a remote server. In this scenario, the user browses resources of the monitored server using a web browser. The user is authenticated by Fudo PAM against the local user database. The connection will timeout after 15 minutes (900 seconds) and the user will have to login again to continue browsing the server’s contents.

../../_images/quickstart_overview_http.png

Prerequisites

The following description assumes that the system has been already initiated. For more information on the initiation procedure refer to the System initiation topic.


Configuration

../../_images/data_modeling1.png

Adding a server

Server is a definition of the IT infrastructure resource, which can be accessed over one of the specified protocols.


  1. Select Management > Servers.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
Genera  
Name http_server
Blocked fail
Protocol HTTP
HTTP timeout 900
Enable SSLv2 support fail
Enable SSLv3 support fail
Description fail
   
Permissions  
Granted users fail
   
Destination host  
Address www.wheelsystems.com
Port 80
HTTP host fail
  1. Click Save.

Adding a user

User defines a subject entitled to connect to servers within monitored IT infrastructure. Detailed object definition (i.e. unique login and domain combination, full name, email address etc.) enables precise accountability of user actions when login and password are substituted with a shared account login credentials.


  1. Select Management > Users.
  2. Click Add.
  3. Provide essential user information:
Parameter Value
General  
Login john_smith
Fudo domain fail
Blocked fail
Account validity Indefinite
Role user
Preferred language English
Safes fail
Full name John Smith
Email john@smith.com
Organization fail
Phone fail
AD Domain fail
LDAP Base fail
   
Permissions  
Granted users fail
   
Authentication  
Authentication failures fail
Enforce static password complexity fail
Type Password
Password john
Repeat password john
  1. Click Save.

Adding a listener

Listener determines server connection mode (proxy, gateway, transparent, bastion) as well as its specifics.

  1. Select Management > Listeners.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name http_listener
Blocked fail
Protocol HTTP
Enable SSLv2 support fail
Enable SSLv3 support fail
   
Permissions  
Granted users fail
   
Connection  
Mode proxy
Local address 10.0.150.151
Port 8080
Use TLS fail
  1. Click Save.

Adding an account

Account defines the privileged account existing on the monitored server. It specifies the actual login credentials, user authentication mode: anonymous (without user authentication), regular (with login credentials substitution) or forward (with login and password forwarding); password changing policy as well as the password changer itself.

  1. Select Management > Accounts.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name admin_http_server
Blocked fail
Type forward
Session recording all
OCR sessions fail
Delete session data after 61 days
   
Permissions  
Granted users fail
   
Server  
Server http_server
   
Credentials  
Replace secret with with password
Password fail
Repeat password fail
  1. Click Save.

Defining a safe

Safe directly regulates user access to monitored servers. It specifies available protocols’ features, policies and other details concerning users and servers relations.


  1. Select Management > Safes.
  2. Click Add.
  1. Provide essential configuration parameters:
Parameter Value
General  
Name http_safe
Blocked fail
Login reason fail
Notifications fail
Policies fail
Users john_smith
   
Protocol functionality  
RDP fail
SSH fail
VNC fail
   
Accounts  
admin_http_server http_listener
  1. Click Save.

Connecting to remote resource

  1. Launch a web browser.
  2. Go to the 10.0.150.151:8080 web address.
  3. Enter user login and password and press the [Enter] key or click the Login button.
../../_images/http_login.png
  1. Continue browsing the website.

Viewing user session

  1. Open a web browser and go to the Fudo PAM administration page.
  2. Enter user login and password to log in to Fudo PAM administration panel.
  1. Select Management > Sessions.
  2. Find John Smith’s session and click i.
../../_images/http_ongoing.png ../../_images/player_http_session.png

Related topics: