18.2.2. Procedure – Performing out-of-band gateway authentication on PSM

Steps: 

  1. Initiate a connection from a client. If gateway authentication is required for the connection, PSM will pause the connection.

    Note

    For SSH and Telnet connections, you can use the following as your username when initiating the connection: gu=gatewayusername@remoteusername, where gatewayusername is the username you use to log in to the PSM web interface (also called the gateway user), and remoteusername is the username you use on the remote server.

  2. Open a browser, preferably on the same host you initiated the connection from, and navigate to the login page of PSM.

    Warning

    If the username used within the protocol is different from the username used to access the PSM web interface to perform gateway authentication, usermapping must be configured for the connection. For details on usermapping, see Procedure 18.1, Configuring usermapping policies.

  3. Log in to PSM, and select Gateway Authentication from the main menu. The list of connections waiting for gateway authentication is displayed.

    Note
    • If users accessing the PSM web interface are authenticated to an LDAP server, the users must successfully authenticate to the LDAP server set on the AAA > Settings page.

    • No other PSM privilege is required to access this page.

    Figure 18.4. Gateway Authentication — Performing gateway authentication

  4. Select the connection that you started, and click Assign.

  5. Continue to authenticate on the server.

  6. To authenticate another session, either:

    • repeat this procedure, or

    • if your PSM administrator has enabled the auto-assign feature, keep open the browser tab in which you authenticated on PSM. As long as that tab is open, you do not have to repeat this procedure.