Has anybody successfully implemented Single Sign-On using Capture Client on a Sonicwall firewall?
aschultz Newbie ✭
I've followed these KB article instructions (https://www.sonicwall.com/support/knowledge-base/enable-capture-client-user-sso-integration/200521000943470/) to setup SSO in our Sonicwall Firewall. Now our firewall event log has TONS of "User login denied due to bad credentials" errors. It was my understanding there was no other SSO agent required for this setup. Is there something else required for this to function correctly?
Category: Capture Client
Same issue here :(
Hello. I finally have the opportunity to make some tests after upgrading SonicOS 7.0.1-5030 to hot-fix 553. Even if on a couple of occasions (after PC reboots) it seemed to work coherently, that is, I saw the proper user logged in and reported as identified by EndPoint. But soon after it disappeared and was never listed anymore... 😡
I've tried to replicate several combinations of settings to let this feature work again.... but I can't. And moreover there isn't any updated documentation related to SonicOS 7 that explains step by step (from sharing the CC license through mysonicwall between the CC instance and the firewall) how to set up Users>Settings, Policy>Endpoint Security and Policy>Endpoint Rules.
Hope this thread will be highlighted to have the correct direction to use this feature.
I contacted support today about this very issue of the "user login denied due to bad credentials" when trying to get SSO working with only the Capture Clients in place and no additional agent connected to my Windows AD. I'm on SonicOS Enhanced 220.127.116.11-93n.
I had previously turned on "Enable SSO Login via Capture Client Enforcement" under Security Services>Client AV Enforcement. Also, under Users>Settings I put a green check next to Capture Client for Single Sign-On Method. After pressing the "Configure SSO" button I also went to the Capture Client section and checked "Enable SSO Capture Client". Then under the Enforcement section I had a check in "Initiate SSO to identify users sending traffic from these zones:" for LAN.
I'm not sure if all of the above is required, and I have not yet turned any of that off to test, but to get rid of the "user login denied" messages and finally pass the user credentials to my firewall without error we followed the steps below.
We were able to resolve the login issue by going to Users>Settings>Configure SSO>Users and clicking the check next to "Allow limited access for non-domain users." I verified that the log was no longer showing the "user login denied" and was instead showing successful logins. I also performed an nmap against the firewall from another machine on my LAN and it did log the user in the event logs for the IPS event. I did add a user column for my log as well to make sure it was easily visible.
I'm not sure if it mattered, but the support rep also went to Users>Local Users & Groups and changed the inactivity timeout from 0 to 1. Doesn't seem like that last part would have mattered at all.
Hope that helps someone.
Thanks for the post @IronEagle. I can also confirm checking the "Allow limited access for non-domain users" under Users>Settings>Configure SSO>Users fixes my original post about the log filling up with denied login events. I can also confirm the username field is populated now in the event details.
I did not make the change to the inactivity timeout setting at this time. I can also see the logged in users under Monitor>User Sessions>Active Users. Some still show as inactive but maybe that depends on their activity.
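Both posters above verified the fix the same way: watching the firewall event log for the "User login denied due to bad credentials" message to stop and for the user column to fill in. The following script, added here as an example and not part of this thread or of any SonicWall tooling, automates that check over exported log lines. The key="value" line layout, field names (`time`, `msg`, `src`, `usr`) and the sample lines themselves are constructed assumptions for the example, not captured output from a real firewall; adjust the parser to the fields your export actually contains.

```python
"""Tally SonicWall-style user-authentication log lines to confirm that
"User login denied due to bad credentials" events stopped after a config
change, and that later events carry a username.

The key="value" layout and all sample lines are CONSTRUCTED for this
example; field names and message text are assumptions, not real output.
"""
import re
from collections import Counter

DENIED_MSG = "User login denied due to bad credentials"

# Constructed sample: three denied logins before the change (empty usr),
# then three events after it that carry an identified user.
SAMPLE_LOG = """\
id=firewall time="2024-01-10 09:01:02" msg="User login denied due to bad credentials" src=192.0.2.10 usr=""
id=firewall time="2024-01-10 09:01:05" msg="User login denied due to bad credentials" src=192.0.2.11 usr=""
id=firewall time="2024-01-10 09:01:09" msg="User login denied due to bad credentials" src=192.0.2.10 usr=""
id=firewall time="2024-01-10 10:15:00" msg="User login succeeded" src=192.0.2.10 usr="alice"
id=firewall time="2024-01-10 10:15:03" msg="User login succeeded" src=192.0.2.11 usr="bob"
id=firewall time="2024-01-10 10:20:44" msg="IPS Detection Alert" src=192.0.2.12 usr="carol"
"""

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Return the key/value fields of one log line as a dict ({} if blank)."""
    fields = {}
    for m in KV_RE.finditer(line.strip()):
        quoted, bare = m.group(2), m.group(3)
        fields[m.group(1)] = quoted if quoted is not None else bare
    return fields


def summarize(log_text):
    """Count denied logins per source and record which sources got a username.

    Returns {"denied": Counter(src -> count), "identified": {src: usr}}.
    """
    denied = Counter()
    identified = {}
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f:
            continue
        if f.get("msg") == DENIED_MSG:
            denied[f.get("src", "?")] += 1
        elif f.get("usr"):           # any later event that carries a user
            identified[f.get("src", "?")] = f["usr"]
    return {"denied": denied, "identified": identified}


def still_failing(log_text, cutoff):
    """Sources with a denied login at or after `cutoff` (YYYY-MM-DD HH:MM:SS).

    An empty list after the config change means the fix held; timestamps
    in this format compare correctly as strings.
    """
    bad = set()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("msg") == DENIED_MSG and f.get("time", "") >= cutoff:
            bad.add(f.get("src", "?"))
    return sorted(bad)


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print("denied per source:", dict(s["denied"]))
    print("identified users:", s["identified"])
    print("still failing after change:", still_failing(SAMPLE_LOG, "2024-01-10 10:00:00"))
```

Run it against a real export by replacing `SAMPLE_LOG` with the file contents and setting `cutoff` to the time you ticked "Allow limited access for non-domain users"; a non-empty `still_failing` result points at hosts that are still sending unidentified traffic.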