Are EasySSO Server Licenses Still Available to Purchase?
Instant User-Agent parsing
- In the EasySSO config screen go to the User-Agent Filtering Configuration tab (via NTLM/Kerberos and Advanced Configuration in EasySSO 4.0+)
- When you add a user-agent string into "Instant User-Agent parsing" and click parse, the result returned can be copy/pasted into either the include or exclude rules.
How to allowlist a certain type of client browser
Under User-Agent rules, specify each allowlist rule in the following format:
Device Type, OS Family, OS, Browser Type, Browser Family, Browser
For example:
COMPUTER,WINDOWS,WINDOWS_7,WEB_BROWSER,IE,IE11
Please note, an empty element in the rule will match anything i.e. a allowlist rule with an empty element is more "lax" than one with a specific value.
For example:
COMPUTER,WINDOWS,,WEB_BROWSER,IE,
Multiple rules can be specified, one on each line. Empty lines will be ignored.
Lines starting with "#" are considered to be comments - you can use these to record justification notes about allowlisting a browser.
Once a rule is added to allowlist, only those browsers that match the rule will be requested to attempt NTLM/Kerberos Single Sign-On.
Allowlist takes precedence over the blocklist.
If there are no rules entered here or in the blocklist - any browser will be requested to attempt NTLM/Kerberos Single Sign-On.
How to blocklist a certain type of client browser
Under User-Agent Excluded Rules, specify each blocklist rule in the same format:
Device Type, OS Family, OS, Browser Type, Browser Family, Browser
For example:
UNKNOWN,UNKNOWN,UNKNOWN,TEXT_BROWSER,LYNX,LYNX
Please note, an empty element in the rule will match anything i.e. a blocklist rule with an empty element is more "broad" than one with a specific value.
For example:
,,,TEXT_BROWSER,,
Multiple rules can be specified, one on each line. Empty lines will be ignored.
Lines starting with "#" are considered to be comments - you can use these to record justification notes about blocklisting a browser
Once a rule is added to blocklist, the browsers that match the rule will not requested to attempt NTLM/Kerberos Single Sign-On.
Allowlist takes precedence over the blocklist.
If there are no rules entered here or in the whitelist - any browser will be requested to attempt NTLM/Kerberos Single Sign-On.
A word about using User-Agent filtering with Application Links:
If the "client" application has EasySSO as well, it needs to be configured in a similar way (i.e. to ignore the other one). This can be achieved either with IP Filtering or, more elegantly, with User-Agent Filtering.
For that just insert the exact syntax of the lines below into the User-Agent Excluded rules (i.e. blocklist):
,,,TOOL,DOWNLOAD, UNKNOWN,UNKNOWN,UNKNOWN,UNKNOWN,UNKNOWN,UNKNOWN