We are currently running LDAP auth for employees and open for our guest wireless. I need to setup a one time authentication method for employees with either a certificate or cookie that would last for 1 year.
What would be the best solution for this? Is there a KB or a discussions where someone has implemented this?
You can use rule set "Cookie authenticaton" or "Cookie Authentication with Login page" and give it a try. And under "Authentication Server - Cookie Check" engine, under Session TTL (IP/Cookie) option you can specify time for "31536000" secs (~ 1 year).
You might need to some tweaking as per your requirement. Give it a shot. Good luck !
I am not sure whether this will work. In cookie authentication a cookie is dropped for every website that is called, and the cookie expires when the browser is closed. Something is required to identify the user. If there are fixed IP addresse it would be possible to use the authentication server to build a IP <-> user name mapping, but if the IP changes I do not see a simple way to correctly identify a user without asking him to deliver something, such as a certificate or username/password.