8.6 Managing Endpoints

In this section you can manage existing endpoints. An endpoint is a place where the Advanced Authentication server authenticates users: for example, a specific Microsoft Windows workstation for a Windows Client endpoint, or a NetIQ Access Manager (NAM) appliance for a NAM endpoint.

Such endpoints are added automatically when the NAM Advanced Authentication plug-in or the Windows Client is installed.

Only the Radius endpoint is predefined and available in the Endpoints section by default.

The following endpoint types are supported:

  1. NAM

  2. NCA

  3. Radius

  4. Mac OS X Client (Local Hostname will be used as endpoint name)

  5. OSP Endpoint (used for OAuth 2.0 and SAML 2.0 events)

  6. Windows Client (DNS name will be used as endpoint name)

  7. Other (can be used by third-party applications)

To manage an authentication endpoint for Advanced Authentication, follow the steps:

  1. Open the Endpoints section.

  2. Click the Edit button next to an applicable endpoint.

  3. You can rename the endpoint and change its description or endpoint type.

  4. Select whether the current endpoint is enabled or disabled by clicking the Is enabled toggle button.

  5. Specify an Endpoint Owner if you have configured a specific chain to be used by the endpoint owner only. This is a user account that is allowed to authenticate with a different chain (see Creating a Chain) than the one regular users use for authentication.

    NOTE: The Endpoint Owner feature is supported for Windows Client, Mac OS Client and Linux PAM Client only.

  6. Click Save at the bottom of the Events view to save the configuration.

You can create an endpoint manually. This is useful for third-party applications that do not support the creation of endpoints themselves. To create an endpoint manually, perform the following steps:

  1. Click Add.

  2. On the Add endpoint page, specify a Name of the endpoint and its Description.

  3. Set the Type to Other.

  4. Set Is enabled to ON to enable the endpoint.

  5. Leave Endpoint Owner blank.

  6. Click Save. The New Endpoint secret window is displayed.

  7. Copy the values shown in Endpoint ID and Endpoint Secret and store them in a secure place in your application.

    NOTE: You cannot retrieve the Endpoint ID and Endpoint Secret from the appliance later.

  8. Click OK.
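Step 7 leaves the application responsible for keeping the Endpoint ID and Endpoint Secret, and they cannot be recovered from the appliance afterwards. The following is an added example (not code from the Advanced Authentication product or its documentation) of how a third-party application can store and load those two values without hard-coding them: the file is created with owner-only permissions, an existing file is never silently overwritten (since the secret cannot be re-read from the appliance), and loading refuses a file that other accounts can read. The file path, the JSON layout and the placeholder values are assumptions made for this example; on Windows the permission check is skipped and the directory's ACL must provide the protection instead.

```python
import json
import os
import stat
from pathlib import Path


class InsecureSecretFile(Exception):
    """Raised when the credential file is readable by accounts other than its owner."""


def save_endpoint_credentials(path: Path, endpoint_id: str, endpoint_secret: str) -> None:
    """Store the Endpoint ID and Endpoint Secret copied from the New Endpoint secret window.

    The file is created with mode 0600 and O_EXCL: if a file already exists the
    call fails instead of overwriting values that cannot be retrieved from the
    appliance again.
    """
    path.parent.mkdir(parents=True, exist_ok=True)
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        # Assumed layout for this example; the product does not prescribe one.
        json.dump({"endpoint_id": endpoint_id, "endpoint_secret": endpoint_secret}, fh)


def load_endpoint_credentials(path: Path) -> tuple[str, str]:
    """Load the stored credentials, refusing a file that group or others can access.

    The permission check applies on POSIX systems only; on Windows the
    directory ACL is assumed to restrict access.
    """
    st = path.stat()
    if os.name == "posix" and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        raise InsecureSecretFile(f"{path} is accessible by group/other; tighten its permissions")
    data = json.loads(path.read_text(encoding="utf-8"))
    return data["endpoint_id"], data["endpoint_secret"]


if __name__ == "__main__":
    import tempfile

    # Constructed placeholder values; real ones come from the appliance UI.
    demo_path = Path(tempfile.mkdtemp()) / "aa-endpoint.json"
    save_endpoint_credentials(demo_path, "ENDPOINT-ID-PLACEHOLDER", "ENDPOINT-SECRET-PLACEHOLDER")
    print(load_endpoint_credentials(demo_path))
```

The application reads the credentials once at start-up through `load_endpoint_credentials`; if the load raises `InsecureSecretFile`, the right response is to fix the file permissions, not to weaken the check.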

The following legacy endpoints are provided:

  • Endpoint41

    Description: Well-known endpoint (id 41414141)
    Type: Other
    Purpose: support of the legacy NetIQ CloudAccess plug-in.

  • Endpoint42

    Description: Well-known endpoint (id 42424242)
    Type: Other
    Purpose: support of the legacy NetIQ Access Manager plug-in.

The NetIQ Access Manager and NetIQ Cloud Access plug-ins work with a hard-coded endpoint ID and secret. In 5.2 and higher, endpoints must be registered, which breaks backward compatibility with the old plug-ins. These two legacy endpoints keep the old plug-ins working.

IMPORTANT: Do not remove an endpoint that has at least one component running on it, such as Windows Client, Logon Filter, RD Gateway plug-in, or ADFS plug-in. The endpoint is removed automatically when you uninstall Windows Client. However, you must remove the endpoint manually when you uninstall Logon Filter, RD Gateway plug-in, or ADFS plug-in.

If you remove an endpoint accidentally, remove the records with the prefix endpoint* from the %ProgramData%\NetIQ\Windows Client\config.properties file and restart the machine. This recreates the endpoint.
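The recovery step above is easy to get wrong by hand (deleting a neighbouring key, or leaving one endpoint* record behind so the client does not re-register). The following is an added example, not a NetIQ tool, of a helper that backs up config.properties, removes every record whose key starts with endpoint, leaves comments and all other keys untouched, and returns the removed lines so the operator can review them before restarting the machine. It assumes the file uses Java-style key=value (or key:value) records in UTF-8; the path is taken from the documentation and the sample content is constructed for the example.

```python
import os
import shutil
from pathlib import Path

# Path from the documentation: %ProgramData%\NetIQ\Windows Client\config.properties
CONFIG_PATH = (
    Path(os.environ.get("ProgramData", r"C:\ProgramData")) / "NetIQ" / "Windows Client" / "config.properties"
)


def strip_endpoint_records(text: str, prefix: str = "endpoint") -> tuple[str, list[str]]:
    """Return (remaining_text, removed_lines).

    A record is removed when its key, the part before the first '=' or ':',
    starts with `prefix` (case-insensitive). Comment lines ('#' or '!') and
    every other key are copied through verbatim, line endings included.
    """
    kept: list[str] = []
    removed: list[str] = []
    for line in text.splitlines(keepends=True):
        stripped = line.lstrip()
        if stripped and not stripped.startswith(("#", "!")):
            key = stripped.split("=", 1)[0].split(":", 1)[0].strip()
            if key.lower().startswith(prefix.lower()):
                removed.append(line.rstrip("\r\n"))
                continue
        kept.append(line)
    return "".join(kept), removed


def reset_endpoint_registration(path: Path = CONFIG_PATH) -> list[str]:
    """Remove endpoint* records from config.properties, keeping a .bak copy.

    Nothing is written when no matching record exists. Restart the machine
    afterwards so the Windows Client recreates its endpoint.
    """
    original = path.read_text(encoding="utf-8")  # assumed encoding
    remaining, removed = strip_endpoint_records(original)
    if removed:
        shutil.copy2(path, path.with_suffix(path.suffix + ".bak"))
        path.write_text(remaining, encoding="utf-8")
    return removed


# Constructed sample content; not a real Windows Client configuration.
SAMPLE_CONFIG = """# constructed sample for the example
server=aaf.example.test
endpointId=ENDPOINT-ID-PLACEHOLDER
endpointSecret=ENDPOINT-SECRET-PLACEHOLDER
endpointName=WS01.example.test
logLevel=info
"""

if __name__ == "__main__":
    remaining, removed = strip_endpoint_records(SAMPLE_CONFIG)
    print("removed records:", removed)
    print(remaining)
```

Run `reset_endpoint_registration()` from an elevated prompt on the affected machine; the returned list shows exactly which records were dropped, and the .bak copy makes the change reversible if the wrong file was edited.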