You are viewing limited content. For full access, please sign in.

Question

Question

Auto-sign in using Integrated Windows authentication with Single Sign-on

Directory Server
Updated October 1, 2018
asked on May 24, 2017

A Client of ours has configured their Laserfiche Web Client the following way:

  1. Use the Connection option of Auto-sign in using integrated Windows authentication.
  2. Use the Laserfiche Directory Server with the enabled option of  Only sign in with SSO.

 

Client's desired outcome is that once they navigate to the Laserfiche Web Client page, it will automatically log them in using the windows credentials of the workstation. Instead a Logon page is displayed where they can click on Log in with Windows Authentication to login. Client wants to be logged in automatically instead of having to click on the Log in with Windows Authentication.

 

Using the VARKit, I was able to replicate the scenario with LF 10.2 where all the LF components [LFDS, LFS and Web Client] are on the same box.

 

How do we get this to work?

 

0 0

Replies

replied on May 24, 2017 Show version history

This is essentially the same as this previous question about SSO and Forms:

https://answers.laserfiche.com/questions/99726/LF-Forms-101-with-LFDS-auto-single-sign-on#99788

The request to have all users signed in using Windows authentication without clicking the link is already on our backlog.

1 0
replied on September 25, 2018

Hi Brianna,

Has this request been implemented? Will it be part of 10.4?

Is it possible to edit the web-page to click the link for the users?

-Ben 

0 0
replied on October 1, 2018 Show version history

It is available starting in Directory Server 10.2 (released July 2017): see the release notes. The option is on the Web STS configuration page:

 

2 0
replied on May 24, 2017

Thanks Brianna & Miruna.

 

@Miruna: Would this behavior be different from when SSO isn't configured? Meaning just regular Web Client using IWA authentication.

 

I have encountered several where once the IWA is chosen in Web Client config, it works the same for IE, Chrome & Firefox provided as you mentioned that the site is Trusted and the IE User Authentication Logon set to Automatic Logon with current user name and password.

1 0
replied on May 25, 2017

You're right, Chrome does read IE settings nowadays. Firefox does not, though, and there is extra configuration that needs to be done.

0 0
replied on May 24, 2017

It's worth noting that the behavior you're describing only works in Internet Explorer and only for trusted sites. Chrome, Firefox and Edge will still prompt for Windows credentials in that case.

0 0
replied on February 28, 2018

Is this feature/option available in 10.3?

0 0
replied on February 28, 2018

No, it was not included with 10.3.

0 0
replied on October 1, 2018

It has actually been available since Directory Server 10.2: see the release notes. The option is on the Web STS configuration page, since the Web STS portion of Directory Server inludes the login page.

We try to update threads when requested features were released, but we seemed to have missed this; sorry for the confusion!

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...