Fasoo Enterprise DRM

This guide describes how to configure user authentication integration between Fasoo Enterprise DRM, a document security product, and Genian NAC, a network access control system.

Overview

When configuring integration between Fasoo Enterprise DRM and Genian NAC, the login process consists of Genian NAC authentication > automatic execution of Fasoo Enterprise DRM authentication program > Fasoo Enterprise DRM authentication. (This is explained using the agent authentication plugin, which Genian NAC commonly utilizes for integration with third-party devices on user endpoints.)

Before integration between Genian NAC and Fasoo Enterprise DRM products, users had to additionally perform the Fasoo Enterprise DRM login process after logging into Genian NAC. However, when configured for integration, the Fasoo Enterprise DRM login process is configured to run sequentially during user authentication via the Genian NAC agent.

Recommended Versions

Product Name (Component) | Version | Notes
Genian NAC (Policy Server) | V5.0 or higher | Release version after 2016.12
Genian NAC (Agent) | V5.0.6 or higher | Release version after 2016.12
Fasoo Enterprise DRM | 5.0 or higher | Release version after 2016.11

Purpose of Integration

The integration of Genian NAC and Fasoo Enterprise DRM provides the following effects:

SSO Environment Configuration

  • When the Genian NAC agent performs user authentication, it continues with Fasoo Enterprise DRM authentication, so users complete the authentication process without a separate Fasoo Enterprise DRM login.

Network Blocking and PC Disablement for Unauthenticated NAC Users

  • Fasoo Enterprise DRM authentication is performed after Genian NAC authentication, and PC usage can be disabled for unauthenticated users.
  • This helps protect internal information by ensuring that Fasoo Enterprise DRM's purpose of document security is always maintained. Because information stored on the PC itself is at risk even when the network is not accessed, Genian NAC prevents unauthenticated users from performing any actions on the PC.

Prerequisites

Confirm Genian NAC Agent Plugin for Integration

Genian NAC utilizes the Agent Authentication Window plugin provided in the product's basic package for implementing user authentication integration to achieve SSO with Fasoo Enterprise DRM.

(It is provided by default, so you do not need to upload it separately.)

Genian NAC Agent Plugin File Name | Notes
NAC-GeniAuth-R-59378-1.1.0.gpf (detailed version may vary) | Genian NAC Agent V5.0 or higher (Release version after 2016.12)

If the version of the basic agent plugin provided is equal to or higher than the recommended version in the guide, you do not need to upload it separately.

Confirm Fasoo Enterprise DRM Authentication Integration File, File Execution Path, Execution Options, Encryption Method (Provided by Fasoo)

The Fasoo Enterprise DRM authentication execution file must be obtained from Fasoo Co., Ltd., and the path and execution options used for integration are as follows:

Note) Each setting value below may vary depending on the Fasoo Enterprise DRM authentication integration execution file.

1) Fasoo Enterprise DRM authentication execution file (e.g., f_ssoex_cast.exe)

  1. Execution Path: C:\Windows\System32\f_ssoex_cast.exe
  2. Execution Options: -username={AUTH_ID} -password={AUTH_PWD}
  3. Encryption Method: Select from BASE64, AES, BLOWFISH, CAST, SEED

Genian NAC Configuration for Integration

This section covers only the minimum necessary Genian NAC settings for integration with Fasoo Enterprise DRM. Perform this operation only once; it will be automatically applied thereafter.

Step 1: Confirm Agent Plugin Version for Integration
Go to System > Update > Genian Software > Agent Plugins, then compare the Agent Authentication Window plugin version.

If the version is lower than NAC-GeniAuth-R-59378-1.1.0.gpf, execute Step 2.

Step 2: Upload Agent Plugin for Integration
If the version is NAC-GeniAuth-R-59378-1.1.0.gpf or higher, skip Step 2.
  1. In Genian NAC Web Console, go to the System > Update > Genian Software > Agent Plugins menu.
  2. Select Select Tasks > Plugin Upload > File Select, then choose the NAC-GeniAuth-R-59378-1.1.X.gpf plugin.
  3. Click the Upload button.

Step 3: Agent Node Action Configuration
  1. In Genian NAC Web Console, go to Policy > Node Policy > Agent Action menu
  2. Click Agent Authentication Window plugin
  3. In Plugin Settings > Other > Run After Authentication, click Add button to add setting values as follows

Configuration Item | Setting Value | Notes
Execution Path | Select Direct Path Input | Refer to 'Execution Path Settings' below
Path Input Window | 1. C:\WINDOWS\SysWow64\f_ssoex_cast.exe  2. C:\WINDOWS\System32\f_ssoex_cast.exe | Create two paths separately
Execution Options | -nac '-authid:{AUTH_ID} -authpw:{AUTH_PWD}' | AUTH_ID is automatically changed to input ID, AUTH_PWD to input password
Encryption Method | Select encryption method | BASE64, AES(128bit), BLOWFISH(64bit), CAST(128bit), SEED(128bit) selection
Encryption Key | Enter mutually agreed encryption key | BASE64 encryption key omitted

Note

  • Execution Path Settings: Besides Direct Path Input, 8 additional options are provided. Relative paths may change due to OS patch updates and similar events, so setting Direct Path Input is recommended.
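
As an added example (not code from Genians or Fasoo), the following PowerShell pre-flight check can be run on an endpoint before Run After Authentication is enabled. For the two paths entered in Step 3 it reports whether the file exists, its Authenticode status and signer, and any account outside SYSTEM, Administrators and TrustedInstaller that can modify it, since this program is launched with the user's ID and password. The trusted-SID list and the write-rights mask are assumptions of this example, and the guide does not state whether the binary is signed.

```powershell
# Added example (not vendor code). Run from 64-bit PowerShell so that
# C:\WINDOWS\System32 is not redirected to SysWOW64.
$paths = @(                                   # the two paths from the Step 3 table
    'C:\WINDOWS\SysWow64\f_ssoex_cast.exe',
    'C:\WINDOWS\System32\f_ssoex_cast.exe'
)
# Assumption: only these SIDs should be able to modify the executable.
$trusted = @(
    'S-1-5-18',        # SYSTEM
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)
# Write-type rights, plus GENERIC_WRITE (0x40000000) and GENERIC_ALL (0x10000000).
$rights    = [System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'
$writeMask = [int]$rights -bor 0x40000000 -bor 0x10000000
$sidType   = [System.Security.Principal.SecurityIdentifier]

$report = foreach ($p in $paths) {
    $row = [ordered]@{ Path = $p; Present = $false; Signature = $null; Signer = $null; UntrustedWriters = $null }
    if (Test-Path -LiteralPath $p -PathType Leaf) {
        $sig = Get-AuthenticodeSignature -FilePath $p
        $row.Present   = $true
        $row.Signature = $sig.Status
        if ($sig.SignerCertificate) { $row.Signer = $sig.SignerCertificate.Subject }
        # Allow ACEs granting any write-type right to a SID outside $trusted.
        $row.UntrustedWriters = @(
            (Get-Acl -LiteralPath $p).GetAccessRules($true, $true, $sidType) |
                Where-Object {
                    $_.AccessControlType -eq 'Allow' -and
                    ([int]$_.FileSystemRights -band $writeMask) -and
                    ($trusted -notcontains $_.IdentityReference.Value)
                } |
                ForEach-Object { $_.IdentityReference.Value } |
                Select-Object -Unique
        ) -join ', '
    }
    [pscustomobject]$row
}
$report | Format-List
```

Compare Signer with the publisher information Fasoo supplies with the file; a non-empty UntrustedWriters value means an account outside the trusted list could replace the program that receives the credentials.
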

Step 4: Configure Node Policy for Agent Authentication Window Plugin Application
This process is for applying the agent authentication window plugin to node policies. If you are already utilizing the agent authentication window plugin, this can be omitted.
  1. In Genian NAC Web Console, go to the Policy > Node Policy menu.
  2. Click the Node Policy containing the node group (e.g., all nodes) to which user authentication integration will be applied (if applying to a specific group only, create and use a separate node group).
  3. Go to Agent Action at the bottom and click the Assign button.
  4. Move the Agent Authentication Window node action to the right and click the Add button.
  5. Click the Update button at the bottom.
  6. Click the Apply Change Policy button at the top right to apply the policy.