UbintisLab PassNI SSO
This guide describes how to configure integration between UbintisLab PassNI SSO, an integrated authentication security platform (SSO), and Genian NAC, a network access control system.
Overview
When Pass-Ni integration is configured on Genian NAC, the general operating flow is Pass-Ni login > Genian NAC login.
Before Genian NAC and Pass-Ni are integrated, users must go through a separate Genian NAC login when accessing the internal network after logging in to Pass-Ni. Once integration is configured, users are automatically logged in to Genian NAC simply by logging in to Pass-Ni.
Recommended Versions
| Product Name (Component) | Version | Notes |
|---|---|---|
| Genian NAC (Policy Server) | V5.0 or higher | Release version after 2019.03 |
| Genian NAC (Agent) | V5.0.17 or higher | Release version after 2019.03 |
| Pass-NI | 4.0 or higher | Release version after 2019.03 |
Purpose of Integration
Integrating Genian NAC with UbintisLab's Pass-Ni provides the following benefits.
- SSO Environment Provision
- The Genian NAC agent is configured to utilize Pass-Ni's authentication information, checking user authentication status with the Pass-Ni server to allow authenticated users to utilize the network without additional Genian NAC authentication.
- Automatic Connection to Network Blocking Reason and Guide Page for Unauthenticated Pass-Ni Users
- Genian NAC informs unauthenticated Pass-Ni users of the reason for network blocking and provides a guide page on how to take action for normal network usage. (The form of the guide page may differ when integrating with Saeol System, etc.)
Prerequisites
- Prepare Genian NAC Agent Plugin for Integration
Genian NAC utilizes a specially developed Genian NAC agent plugin for implementing user authentication integration to achieve SSO with Pass-Ni. The plugin information is as follows:
| Genian NAC Agent Plugin File Name | Notes |
|---|---|
| NAC-C_PassNiSSO-R-89967-1.1.8.gpf (detailed version may vary) | Genian NAC Agent V5.0 or higher (release version after 2020.08) |
- Issuing License Key and API Calling Tool for Pass-Ni SSO User Endpoints
- API calling tool for Pass-Ni user endpoints' user information (Distributed in the form of SSO-CS-API-getUserInfo.zip or similar)
- License Key for using Pass-Ni SSO Integration Library (Each institution's Pass-Ni provides a separate license key, such as 3130312XXXXE352XXXX3.)
Genian NAC Configuration for Integration
This section covers only the minimum necessary Genian NAC settings for integration with Pass-Ni. Perform this operation only once; it will be automatically applied thereafter.
- Step 1: Upload Agent Plugin for Integration
- In Genian NAC Web Console, go to System > Update > Genian Software > Agent Plugin menu
- Click Tasks > Upload Plugins > Select File button to select NAC-C_PassNiSSO-R-89967-1.1.8.gpf plugin to upload.
- Click Upload button.
- Step 2: Agent Plugin Configuration
- In Genian NAC Web Console, go to Policy > Node Policy > Agent Action menu.
- Click PassNi Alternative Authentication plugin.
- In Action Execution Settings, enter setting values as follows:
| Configuration Item | Setting Value | Notes |
|---|---|---|
| License Key | 3130312XXXXE352XXXX3 (example input value) | Enter the key provided by each institution for using the authentication integration library |
| Integration Scope | Select from Login, Login/Logout | Refer to Login/Logout option description below |
Note: Login/Logout Options
The Login/Logout option means that after login, Genian NAC continuously verifies authentication status with Pass-Ni. If the user is logged out from Pass-Ni, Genian NAC processes the logout.
The Login option means that after the initial SSO login, Genian NAC does not further share login information with Pass-Ni and follows Genian NAC's authentication renewal cycle.
- Step 3: Configure Node Policy for Integration Function Application
Through the following process, create a policy that uses the Genian NAC agent plugin to confirm normal authentication communication between the user PC and the server, verify the user's authentication status, and then allow network access.
- In Genian NAC Web Console, go to Policy > Node Policy menu
- Click the Node Policy containing the node group (e.g., all nodes) to which user authentication integration will be applied (if applying to a specific group only, create and use a separate node group)
- Go to Advanced > Authentication Policy > Single Sign-On Method and select External API from the select box
- Go to Agent Action at the bottom and click Assign button
- Move PassNi Alternative Authentication node action to the right and click Add button
- Click Update button at the bottom
- Click Apply Change Policy button at the top right to apply policy