You are viewing limited content. For full access, please sign in.

Question

Question

Web Access and Forms SSO expected behaviour

Web Client Forms How To Directory Server
Updated April 13, 2021
asked on September 8, 2020 Show version history

Hi,

When setting up SSO (and SSL) in Web Access and Forms, when a user selects "Use Windows Authentication" from the login in screen (on either web product): 

 

 

is it expected behaviour to be prompted with the following popup?  I thought their credentials would have been passed straight through.

 

 

Not sure if I'm missing something or this is how it works.

 

Thanks,

Anthony

 

0 0

Replies

replied on September 8, 2020

Hi Anthony,

There are a few Windows/browser settings required to make automatic Windows Auth (Kerberos) passthrough work. These are mostly security measures to protect users against malicious sites requesting and automatically receiving their login information. You need to explicitly declare your Laserfiche site(s) as safe in users' settings before their browsers will automatically respond to those Windows Auth challenges.

Chrome/Edge/IE: The main config required is adding the site(s) to the Local Intranet Zone under Windows' Internet Options. All three of those browsers following the settings in Internet Options. You can push the configuration out to end users through Group Policy.

Firefox has its own configuration you need to set. Steps for both are available at the link below:
https://knowledge.broadcom.com/external/article/174437/configure-kerberos-authentication-in-dif.html

You must close and restart browsers for the Internet Option setting changes to take effect.

If you're still getting the popup Windows Auth challenge afterward, in IIS verify that the LicenseManagerSTSAppPool is running as Network Service. If it's not and you don't have a specific reason for running it as a different identity, set it back to Network Service, recycle the app pool, and try again.

Let me know if the above sorts things out for you.

Cheers,

Sam

4 0
replied on March 29, 2021

Hello Anthony,

Did any of Sam's steps listed resolve the issue?

We have a user with the same issue and wanted to see if any of the steps provided, resolved the issue.

Thanks,

Jeff Curtis

0 0
replied on April 13, 2021

Hello Sam,

I was wondering if you have heard back from Anthony. We are having the issue with the pop-up. Has he confirmed that he is no longer experiencing the pop up?  OR is there a way to put verbiage in the popup stating sign in by selecting the blue Windows Authentication button, no user name or password needed? 

 

Please advise.

Thanks,

Virginia

0 0
replied on April 13, 2021

Hi Virginia,

While I haven't specifically heard back from Anthony, I have seen those same steps used successfully with a number of customers. If you've already done all those steps, check if you're running the IIS License Manager STS application pool as an identity other than "Network Service". If you are, trying changing it back to "Network Service". 

It sounds like you might always want users to use Windows Authentication. If that's the case, there are settings in the LFDSSTS config page that make it easy.

Check "Always use Windows authentication" to have that option auto-selected on login for all users. Check "Hide Laserfiche Authentication" to remove the Username/Password fields.

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...