Block all browsers and only allow IE access to SecureAuth realm for Certificate Enrollment

Summary / Overview

Use this document to configure a SecureAuth realm so that only an Internet Explorer (IE) browser can access the realm for Certificate Enrollment, which enables SecureAuth to restrict X.509 certificate exportation. The result is enhanced security for integrations, because the certificate is used as a 2-Factor Authentication method.

Applies to

This IIS feature works with SecureAuth IdP 7 and above.

Prerequisites

1. URL Rewrite module installed on SecureAuth Server (http://www.iis.net/downloads/microsoft/url-rewrite)

2. SecureAuth Realm configured for Certificate Enrollment

Configuration Procedures

Configure IIS

1. Open IIS Manager and browse to the SecureAuth realm that is to allow only IE access (or browse to the Certificate Enrollment realm)

2. Open the URL Rewrite feature from the IIS Applications

3. Click the Add a rule button and select the "Request Blocking" rule

4. Add these rules:

Block access based on: User-agent Header

Block request that: Does not match the pattern

Pattern: (Trident|MSIE)

Using: Regular Expression

How to block: Abort Request / Send an HTTP 403 (Forbidden) Response
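
The same Request Blocking rule written as a web.config fragment for the realm's IIS application, as an added example that is not part of the original SecureAuth document. The rule name, the statusReason and statusDescription text, and the ExampleToken placeholder are assumptions.

```xml
<!-- Added example: web.config for the Certificate Enrollment realm's IIS application. -->
<configuration>
  <system.webServer>
    <rewrite>
      <rules>
        <!-- Rule name is an assumption; IIS Manager assigns its own default name. -->
        <rule name="BlockNonIEUserAgents" patternSyntax="ECMAScript" stopProcessing="true">
          <!-- Evaluate every URL requested in this realm. -->
          <match url=".*" />
          <conditions>
            <!-- negate="true" corresponds to "Does not match the pattern":
                 the request is blocked when the User-Agent header contains
                 neither Trident nor MSIE.
                 To allow another browser, add a token from its user-agent
                 string to the alternation, e.g. (Trident|MSIE|ExampleToken),
                 where ExampleToken is a placeholder. -->
            <add input="{HTTP_USER_AGENT}" pattern="(Trident|MSIE)" negate="true" />
          </conditions>
          <!-- Corresponds to "Send an HTTP 403 (Forbidden) Response".
               The reason and description text are assumptions. -->
          <action type="CustomResponse" statusCode="403"
                  statusReason="Forbidden"
                  statusDescription="This realm accepts Internet Explorer only." />
          <!-- For "Abort Request", use instead: <action type="AbortRequest" /> -->
        </rule>
      </rules>
    </rewrite>
  </system.webServer>
</configuration>
```

The condition is evaluated against the User-Agent header as the client reports it, and URL Rewrite conditions ignore case by default.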

Configure Application X

1. Select URL Rewrite.

2. Under Actions, select Add Rule(s).

3. Enter the rules using the image below.

Configure SecureAuth Realm

See Certificate Enrollment Workflow Configuration.

Troubleshooting / Common Issues

To create an exception for a browser, information about that browser's user-agent is required in order to modify or add to the Regular Expression in the URL Rewrite rule.