82 © 2008 VBrick Systems, Inc.
• Integrated Windows Authentication is only valid when using LDAP Authentication with
Microsoft Active Directory.
• You must perform an additional configuration step in IIS as explained below in
Configuring IIS for Single Sign-On
.
• Integrated Windows Authentication only works seamlessly with Microsoft Internet
Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you
will get a popup login window only if you have not previously logged in to the network.
• When using Integrated Windows Authentication, all single-sign-on users must have an
Active Directory account and the Portal Server must be part of the Windows domain.
• When using Integrated Windows Authentication, Microsoft Internet Explorer's default
behavior is that it will not prompt for an ID/password when the server is in the
Local
Intranet Zone
. (By default, Internet Explorer assumes a URL without a period (.). This
means
http://yourserver/ is in the Local Intranet Zone while http://
yourserver.yourcompany.com
(or http://199.88.7.11)) is in the Internet Zone.
Configuring IIS for Single Sign-On
Use the following steps to configure IIS for single sign-on. If you do not perform these steps, the
login page will likely be blank when you launch the Portal Server.
T To configure IIS for single sign-on:
1. Go to
Start > Administrative Tools > Computer Management.
2. Expand
Services and Applications and expand Internet Information Services (IIS)
Manager
.
3. Expand
Web Sites and then right-click on Default Web Site and select Properties.
4. Go to
Directory Security > Authentication and access control and make sure that
Integrated Windows authentication is checked on the following window.
Note If single sign-on is enabled on multiple LDAP servers, when a user signs on for the
first time, the system validates the login credentials against all servers configured for
single sign-on. If you are validated by at least one server, you are automatically logged
in. In most cases when single sign-on is enabled, the user will not be prompted for a
Domain name at login.