Documentation

 

 

Summary / Overview

Use this document to configure a SecureAuth realm to only allow an IE browser to access a SecureAuth Realm for Certificate Enrollment, thereby enabling SecureAuth to restrict X.509 certificate exportation. The result is enhanced security for integrations, because the certificate is used as a 2-Factor Authentication method.

Applies to

This IIS feature works with SecureAuth IdP 7 and above.

Prerequisites

1. URL Rewrite module installed on SecureAuth Server (http://www.iis.net/downloads/microsoft/url-rewrite

2. SecureAuth Realm configured for Certificate Enrollment (https://docs.secureauth.com/x/tgPtAQ)

Configuration Procedures

Configure IIS

1. Open IIS Manager and browse to the SecureAuth realm to be allowed only IE access (OR browse to the Certificate Enrollment Realm) 

2. Open the URL rewrite feature from the IIS Applications

3. Click the Add a rule button and select "Request Blocking" rule

4. Add these rules:

Block Access based onUser-agent Header
Block request thatDoes not match the pattern
Pattern(Trident|MSIE)
UsingRegular Expression
How to blockAbort Request/ Send and HTTP 403 (forbidden) Response

Configure Application X

 1.  Select URL Rewrite.

2. Under Actions, select Add Rule(s).

3. Enter the rules using the image below.


Configure SecureAuth Realm

Troubleshooting / Common Issues

To create an exception for browsers, information about the user-agent of that browser is required to modify/add the Regular Expression in the URL re-write rule.