UNIX Agents normally run in a private network. The Centrify Identity Platform (CIP), which the agent must communicate with for tasks such as MFA, is normally located in a public network. In some scenarios it is common practice for traffic to go through a Proxy Server when talking to a server in the public network.
The Centrify DirectControl Agent by default uses the Centrify Cloud Connector as the Proxy Server, which uses SPNEGO as the authentication method and authenticates as the machine account. Some environments may have their own Proxy Server configured and would prefer to use it with the Agent.
There is no way to specify an alternate HTTP Proxy Server in Centrify DirectControl Agent, and no way to configure the credential for the proxy server.
Centrify Connectors 17.7 and greater allow an HTTP Proxy Server with authentication to be specified. Enter the server FQDN in the connector control panel along with the needed credentials.
Note: Each connector will need to have this configured.
In Suite 2017.3 (5.4.3), Centrify DirectControl will support a user-specified Proxy Server with authentication for MFA.
A new CLI, adwebproxyconf, allows the user to configure the web proxy locally:
- Setup HTTP Proxy credential to be used by agent.
- Delete HTTP Proxy credential.
- Get the HTTP Proxy credential info.
- Test the proxy connection using the configured or supplied HTTP Proxy credential.
- Provide an option to configure the HTTP Proxy Server to use.
- Only root is allowed to run this command.
- The machine must be joined to a zone to run this command.
Please review the man pages for more information.
New settings allow configuration of an alternative Proxy Server:
- HTTP Proxy Server that DirectControl should use to connect to the CIP. Default is empty, i.e. none.
  - adclient.http.proxy.server: FQDN
- Determines whether authentication is required for the specified HTTP Proxy Server. Default is false.
  - adclient.http.proxy.server.auth.required: false
- Determines which authentication type should be used when authenticating to the HTTP Proxy Server. Supported values are: AnyAuth (Default), Basic, Digest, NTLM, Negotiate.