Configuring IIS for single sign-on – VBrick Systems Portal Server ETV v4.2.1 User Manual


© 2008 VBrick Systems, Inc.

Integrated Windows Authentication is only valid when using LDAP Authentication with
Microsoft Active Directory.

You must perform an additional configuration step in IIS as explained below in
Configuring IIS for Single Sign-On.

Integrated Windows Authentication only works seamlessly with Microsoft Internet
Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you
will get a popup login window only if you have not previously logged in to the network.

When using Integrated Windows Authentication, all single-sign-on users must have an
Active Directory account and the Portal Server must be part of the Windows domain.

When using Integrated Windows Authentication, Microsoft Internet Explorer's default
behavior is that it will not prompt for an ID/password when the server is in the
Local Intranet Zone. (By default, Internet Explorer assumes a URL without a period (.)
is in the Local Intranet Zone. This means http://yourserver/ is in the Local Intranet
Zone while http://yourserver.yourcompany.com (or http://199.88.7.11) is in the
Internet Zone.)

Configuring IIS for Single Sign-On

Use the following steps to configure IIS for single sign-on. If you do not perform these steps, the
login page will likely be blank when you launch the Portal Server.

To configure IIS for single sign-on:

1. Go to Start > Administrative Tools > Computer Management.

2. Expand Services and Applications and expand Internet Information Services (IIS) Manager.

3. Expand Web Sites and then right-click on Default Web Site and select Properties.

4. Go to Directory Security > Authentication and access control and make sure that Integrated Windows authentication is checked on the following window.

Note: If single sign-on is enabled on multiple LDAP servers, when a user signs on for the
first time, the system validates the login credentials against all servers configured for
single sign-on. If you are validated by at least one server, you are automatically logged
in. In most cases when single sign-on is enabled, the user will not be prompted for a
Domain name at login.
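To check the result of the IIS steps together with the zone rule described earlier, the following added example (not from the VBrick manual) classifies a portal URL by Internet Explorer's default dot rule and reads the WWW-Authenticate headers of an unauthenticated response to see whether Integrated Windows Authentication is offered. The function names and sample responses are constructed for illustration, and it assumes IIS answers an unauthenticated request with 401 and Negotiate/NTLM challenges when the box in step 4 is checked.

```python
from urllib.parse import urlsplit

# Schemes IIS advertises when "Integrated Windows authentication" is checked.
IWA_SCHEMES = {"negotiate", "ntlm"}

# Constructed sample response heads (not captured from a real Portal Server).
SAMPLE_IWA = """HTTP/1.1 401 Unauthorized
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
Content-Length: 0
"""
SAMPLE_NO_IWA = """HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 0
"""

def ie_default_zone(url):
    """Dot rule from the text: host without a period -> Local Intranet,
    FQDN or IP address -> Internet. Ignores any site-to-zone overrides."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError(f"no host in URL: {url!r}")
    return "Internet" if "." in host else "Local Intranet"

def offered_schemes(raw_head):
    """Return (status_code, auth schemes) from a raw HTTP response head.
    Reads the first scheme on each WWW-Authenticate header line."""
    lines = raw_head.strip().splitlines()
    status = int(lines[0].split()[1])
    schemes = set()
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the headers
        name, _, value = line.partition(":")
        if name.strip().lower() == "www-authenticate" and value.strip():
            schemes.add(value.split()[0].lower())
    return status, schemes

def sso_check(url, raw_head):
    """Combine both checks: is IWA offered, and will IE log on without a prompt?"""
    status, schemes = offered_schemes(raw_head)
    iwa = status == 401 and bool(schemes & IWA_SCHEMES)
    zone = ie_default_zone(url)
    return {"zone": zone, "iwa_offered": iwa,
            "no_prompt_expected": iwa and zone == "Local Intranet"}

if __name__ == "__main__":
    for u in ("http://yourserver/", "http://yourserver.yourcompany.com", "http://199.88.7.11"):
        print(u, sso_check(u, SAMPLE_IWA))
```

A URL reported as Internet with `iwa_offered` true is the case where users see the login popup even though IIS is configured correctly.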
