Expand the Astaro Authentication Agent to (optionally) use the currently logged on Windows credentials instead of manually entering credentials.

What I am suggesting is you port the "Client Authentication program" and the "Astaro Security Agent" to linux(32/64), BSD(32/64) as well as Mac OS X.

Allow users to login to the User Portal with username@domain.com when joined to an Active Directory Domain

Currently the users must login with their AD username only, using their email address does not work.

It would be nice to choose a server group with more than 1 SSO Server to authenticate HTTP profiles.

We need the user's ip mapping. Once a user is authenticated against the http proxy, the user source ip should be mapped in the user's object, so that we can create policy per user

It would be nice, if a LDAP-User can authentificate through a LDAP-Group.

Please make the proxy authentication encrypted if the client does not support eDirectory SSO. Actually user and password are sent in human-readable cleartext.

Same thing for the transparent proxy with authentication. The login form is provided via http... Why not https?

It's important to have a chance in big customers the chance to route authentication process in base of domain name. it would an improvement about what there is already available. Example: users@gabriele.com will be authenticated by radius on server1; if authentication fail, users@gabriele.com will be authenticated by Active directory on server2. ecc.

Very efficient in big environment.

Add a configuration option for adding a query filter attribute for additional email-addresses for user settings.
like searching for email destination (|(mail=%s)(otherMailbox=%s))

Its easier to maintain email-aliases like info@domain.tld in central directory.

Also, other attributes like First and Last name should be selectable if possible

When we remove a user from our LDAP Directory (namely eDirectory or ActiveDirectory) the User in UTM is untouched. It would be nice if the UTM could know about this and purge its matching user-object as well. (Or display us a report of users who are no longer seen on the backend server so we could trigger a delete periodically).

There are compatibility issues with the AD SSO authentication on Windows 7 machines running Microsoft Live ID Assistant.

The only solution provided until now is to uninstall the Live ID, but it keeps getting installed by Windows Updates and has built in many applications (like the Essentials or Movie Maker).

Generate a Certificate Signing Request CSR with ONE CLICK

Add Group support for Radius authentication by defining an backend match for a certain Radius attribute like 'NAS-Identifier' if this is set to a predefined value and the request succedes, than the user is also mapped to this group. restore ASG V6 functionality and better integrate with radius installations

Implement an authentication proxy to access a local subnet or vpn subnet for a configurable time.

Hi! Associating an assigned IP to an authenticated user (for user-based security rules) is not working for remote access with RADIUS - but it could. Please!... ;) Thx in advance!

We would like group nesting to be possible for SSL VPN users.

We added a VPNgroup in the "webadmin --> Remote Access --> SSL-> global --> users and groups" and would like to add that VPNgroup to a group OfficeUsersGroup, but is seems it only works if the users are added to the VPNgroup.

Email Notifications for Login SSL VPN User (Remote Access)

The RADIUS timeout setting is hardcoded, and can't be adjusted from the UI. Third part two factor authentication systems like PhoneFactor use "out of band" methods to complete authentication. Such schemes can take 20-30 seconds to complete an Auth. With the current hardcoded RADIUS timeout Astrado is not compatible with these solutions as the timeout needs to be set appropriately.