Client disconnections with dual SSO agents

Rafff
edited April 2021 in Security
Hello to the Forum,
I have one USG310 in an AD environment with 2 DCs on Win2012 and Win2016.
Web authentication works well.
I have installed SSO Agent 2.0.0 on both DCs and configured the USG310 accordingly. I also opened port 2158 on both DCs.
When users log into their client, a new entry is correctly added to the Login Users list of the USG310 monitor section.
After some time (I cannot identify a recurrent duration) some users are randomly removed from the list, even if they are still working on their PC, and, of course, they can no longer access the internet.

Here is my configuration:
USG310 FW 4.62
SSO Agents 2.0.0
DCs: Win2012 and Win2016
Clients: Win10

Thank you for reading

All Replies

  • Rafff
    I have verified from the logs that SSO users constantly log out and log back in exactly every 30 minutes, even if they are still sitting and working at their client station.
    Here is a log example:
    I have tried to change the User Logoin Check interval parameter to various values but the logon/off time seems not to be affected.
  • Rafff
    After 4 days of bad service my customer has decided to go back to our custom authentication client that uses the web interface.
    The SSO Agent is still a big delusion. We really hoped that it could be used now that it supports Win2016 but this is still not possible.
  • Zyxel_Can (Zyxel Employee)

    Rafff,

    That setup doesn’t fit in your environment.

    In your case you need to add one workstation to your environment and install SSO Agent on it.

    So the workstation can authenticate using SSO Agent.

    Please find the following KB article as reference:

    https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018112&lang=EN
  • Rafff
    Thank you Zyxel_Can

    For our installation we followed this official guide:

    Currently we do not have a workstation in our datacenter and we'd prefer not to have one. Moreover, the setup described in the KB you linked will introduce a new single point of failure, and this is something we try to keep to a minimum, as much as we can.
    Our custom login client still works well and is a simple application that still fills our needs more than the official SSO Agent. Even if we'd prefer to have a more structured solution like SSO Agent, the current implementation is not yet what we expected it to be.

    Out of curiosity: what is the "Secondary Agent (Optional)" parameter intended to be used for?

    Just one more question: could Zyxel release to community the specifications of the SSO Agent communication protocol (the one that flows on port 2158)?

    Thank you
  • Zyxel_Can (Zyxel Employee)

    Hi @Rafff,

    Secondary Agent is a backup agent that is in the same domain.

    You can read more at the following link:

    http://webhelp.zyxel.com/search.action?model=USG%20FLEX%20700&majVer=V5.00&minVer=&fwID=ABWD&lang=EN&hash=context/Help/WebAuth_SSO&help_version=2

    Regarding the SSO Agent’s communication protocol (the one that runs on port 2158 for SSO Agent), it’s a proprietary TCP protocol that was designed by Zyxel.

    We apologize, but the specs of that protocol are not publicly available.
