You are viewing limited content. For full access, please sign in.

Question

Question

Kerberos with weblink 9 issue

WebLink Version 9
Updated September 2, 2016
asked on September 11, 2015

Hi,

 

I have a Customer that wants to upgrade their weblink 8 to 9, so he did a devsite where weblink8 was working fine with SSO

and when he upgrade to 9, it fails to work. we done back all the SPN configuration to make sure all were ok, we reboot the webserver.

 

but it still have issue. also if he press login in weblink web site the Windows credential show up. he tried to puts back the credential but nothing happen, if he press cancel he got a iis web page telling bad credential

 

any ideas

 

and yes I follow this guide

Laserfiche Web Access 8 and Kerberos Configuration in a Windows Server 2008 and IIS 7

 

that the last time help to properly set weblink8 to use sso kerberos
 

0 0

Answer

SELECTED ANSWER
replied on September 11, 2015

If you've registered SPNS, changed authentication to only Windows Authentication, and put Negotiate as the top provider and have the registered app pool using the correct identity (same one you set the SPNS for)....I'd suggest making sure IIS Website is set to use the app pool credentials. This is kind of a non-obvious thing to enable.

 

1. Open the IIS site

2. Go to Configuration Editor

3. Browse to system.webserver -> security -> authentication -> doubleclick Windows Authentication

 

1 0
replied on September 11, 2015

Ok I did not check that one

I will take a look

thanks

0 0
replied on September 25, 2015

Yes it was this setting that was not properly configure, so now it works fine

thanks

1 0
replied on September 2, 2016

Thank you Carl. This helped me as well with one of my customers.

0 0

Replies

replied on September 11, 2015

Did you verify the authentication type in IIS? 

 

 

Also set Windows Authentication Method inside Weblink Administrator Utility?

1 0
replied on September 11, 2015

My guess is that it's related to the app pool's accounts.  What application pools are the two WebLink instances running in, and what user accounts are assigned to them?  And how is the HTTP spn on that machine registered?

0 0
replied on September 11, 2015

Yes I registered the spn with the credential that is set in the application pool

and I verify their is no double spn entry and http/servername and http/FQN servername are set ton the application pool account

0 0
You are not allowed to follow up in this post.

Sign in to reply to this post.

Details
Related Posts
Loading ...