ADSSO Version 3.1.10.3 -- Readme File Copyright (C) Huawei Technologies Co., Ltd. 2018. All right reserved. ----------------------- Agenda ----------------------- 1. AD SSO Program 2. Installation and Uninstallation 3. Precautions 4. Deployment Overview 5. Contact Us ----------------------- 1. AD SSO Program ================== The AD SSO program works with the firewall to implement the AD SSO function. After a user is authenticated by the AD server, the user automatically passes the firewall's authentication and is allowed to access network resources. The AD SSO service program sends the authentication information of the AD server to the firewall. In addition, the AD SSO program has two working modes: PC messages receiving mode and querying AD server security logs mode. 2. Installation and Uninstallation =================================== Run the ADSSO_3.1.10.3_Setup.exe installation program and follow the instructions in operation. Select the program installation directory. After the installation is completed, the following files generated in the installation directory may be used: +- log: Log file directory. By reading the logs, you can learn about the records about domain user login/logout and the communication between the AD SSO service and the firewall. +- script +-ReportLogin.exe: Login script and logout script. This parameter is used only for receiving PC messages. +- ADSSOAgent.exe: User interface program of the AD SSO service program. You can configure and manage the AD SSO service program. +- config.ini: Stores the running parameters of the AD SSO service program. Do not change randomly. To uninstall the AD SSO service program, open Control Panel and click Uninstall or Change a Program. Right-click ADSSO and choose Uninstall. Select Uninstall as prompted. 3. Precautions =============== 3.1 The AD SSO service program is used with the firewall. Select a proper firewall version. Otherwise, the AD SSO function cannot be used. 3.2 If the user configuration and log files are retained during the uninstallation of the AD SSO service program, ensure that the configured installation path is the same as the original installation path when reinstalling the program. Otherwise, use the reserved config.ini file to overwrite the new config.ini file. 3.3 If you use the PC message receiving mode, after installing the new AD SSO service program, replace the login script and logout script (ReportLogin.exe) in the AD domain controller group policy. The new ReportLogin.exe is obtained from the script folder in the installation directory. 4. Deployment Overview ======================= Select any PC (including the AD domain controller) in the AD domain to install the AD SSO service program. The PC is an AD monitor. 4.1 PC Message Receiving Mode Deploy the AD SSO service on the AD monitor and configure user login/logout scripts on the AD domain controller. Configure AD SSO parameters on the firewall to receive the login/logout information messages sent by the AD SSO service program. 4.2 Querying AD Server Security Logs Mode Deploy the AD SSO service on the AD monitor and configure AD SSO parameters on the firewall to receive user login messages sent by the AD SSO service program. For more information, see Administrator Guide > User and Authentication > Configuring AD SSO in the firewall product documentation. 5. Contact Us ============== If you have any problem during device maintenance or troubleshooting, you can contact the technical support personnel at the local offices of Huawei Technologies Co., Ltd. or the distributors. For the contact information of the local office, visit http://support.huawei.com/enterprise.