Block all browsers and only allow IE access to SecureAuth realm for Certificate Enrollment
Summary / Overview
Use this document to configure a SecureAuth realm so that only Internet Explorer (IE) browsers can access it for Certificate Enrollment, thereby enabling SecureAuth to restrict X.509 certificate exportation. The result is enhanced security for integrations, because the certificate is used as a 2-Factor Authentication method.
Applies to
This IIS feature works with SecureAuth IdP 7 and above.
Prerequisites
1. URL Rewrite module installed on SecureAuth Server (http://www.iis.net/downloads/microsoft/url-rewrite)
2. SecureAuth Realm configured for Certificate Enrollment
Configuration Procedures
Configure IIS
1. Open IIS Manager and browse to the SecureAuth realm that should allow only IE access (or browse to the Certificate Enrollment realm)
2. Open the URL Rewrite feature from the IIS Applications
3. Click the Add a rule button and select the "Request Blocking" rule
4. Add these rules:
Block access based on: User-agent Header
Block request that: Does not match the pattern
Pattern: (Trident|MSIE)
Using: Regular Expression
How to block: Abort Request / Send an HTTP 403 (Forbidden) Response
Configure Application X
1. Select URL Rewrite.
2. Under Actions, select Add Rule(s).
3. Enter the rules using the image below.
Configure SecureAuth Realm
See Certificate Enrollment Workflow Configuration.
Troubleshooting / Common Issues
To create an exception for another browser, that browser's user-agent string is required in order to modify or add to the Regular Expression in the URL Rewrite rule.
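One way to collect those user-agent strings and preview a changed pattern before editing the rule is to replay it over the realm's IIS log. This is an added example, not SecureAuth's or Microsoft's code. It assumes W3C logging with the cs(User-Agent) field enabled and that the rule's condition ignores case; the log lines, the /ExampleRealm/ path and the Firefox exception are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample of an IIS W3C log (not real traffic). IIS writes the
# spaces inside a User-Agent value as '+', and a missing header as '-'.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 8.5
#Fields: date time cs-method cs-uri-stem c-ip cs(User-Agent) sc-status
2024-01-10 09:00:01 GET /ExampleRealm/ 10.0.0.5 Mozilla/5.0+(Windows+NT+10.0;+WOW64;+Trident/7.0;+rv:11.0)+like+Gecko 200
2024-01-10 09:00:02 GET /ExampleRealm/ 10.0.0.6 Mozilla/4.0+(compatible;+MSIE+8.0;+Windows+NT+6.1;+Trident/4.0) 200
2024-01-10 09:00:03 GET /ExampleRealm/ 10.0.0.7 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64)+AppleWebKit/537.36+(KHTML,+like+Gecko)+Chrome/120.0.0.0+Safari/537.36 200
2024-01-10 09:00:04 GET /ExampleRealm/ 10.0.0.8 Mozilla/5.0+(Windows+NT+10.0;+Win64;+x64;+rv:121.0)+Gecko/20100101+Firefox/121.0 200
2024-01-10 09:00:05 GET /ExampleRealm/ 10.0.0.9 - 200
"""

def user_agents(log_text):
    """Yield the decoded cs(User-Agent) value of every request line."""
    idx = None
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            # Column order comes from the most recent #Fields directive.
            idx = line.split()[1:].index("cs(User-Agent)")
        elif line and not line.startswith("#") and idx is not None:
            cols = line.split()
            if len(cols) > idx:
                ua = cols[idx]
                yield "" if ua == "-" else ua.replace("+", " ")

def preview(log_text, pattern):
    """Return (allowed, blocked) Counters of user agents for a candidate
    pattern, mirroring the rule: block when the pattern does NOT match."""
    rx = re.compile(pattern, re.IGNORECASE)
    allowed, blocked = Counter(), Counter()
    for ua in user_agents(log_text):
        (allowed if rx.search(ua) else blocked)[ua] += 1
    return allowed, blocked

if __name__ == "__main__":
    # Current pattern from the rule, then a hypothetical exception for Firefox.
    for pat in ("(Trident|MSIE)", "(Trident|MSIE|Firefox)"):
        allowed, blocked = preview(SAMPLE_LOG, pat)
        print(f"{pat}: allowed={sum(allowed.values())} blocked={sum(blocked.values())}")
        for ua, n in blocked.most_common():
            print(f"  blocked x{n}: {ua or '(no User-Agent)'}")
```

Requests that send no User-Agent header appear under the blocked count, because an empty value cannot match the pattern.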