Rank: Newbie Groups: Registered
Posts: 4 Location: Atlanta, GA
|
So I wanted to setup OfficeClip to use integrated windows security so that a domain user who access officeclip using internet explorer will never have to enter credentials -- This differs from the instructions listed with the help documentation for setting up windows authentication. First, when I followed the instructions exactly, users were still prompted for a username and password in order to access the site. So, I did the following, I left the web.config file to continue with "forms" authentication. Specifically i changed the "<authentication mode='forms'>" tag to "<authentication>" Then in IIS, on the security tag, I unchecked every option except for integrated windows security. Then I insure that all my users had there site_ids set (users.login_name in the database). Now when users access the site they are not presented with a login page or form requesting credentials, but rather go directly to TimeSheet entry. If a domain user doesn't have a reference in the users table then they are presented with a login page. Can someone explain why my method works (integrated windows authentication, seamlessly as in SSO) and the steps in the help documentation don't give me this seamless experience? (or were they not intended to?) Thanks, Robert Edited by user Friday, June 26, 2009 5:08:47 PM(UTC)
| Reason: Not specified
|
|
|
|
Rank: Administration Groups: Registered, Developer, Administrators Posts: 27
|
robert.martin wrote:So I wanted to setup OfficeClip to use integrated windows security so that a domain user who access officeclip using internet explorer will never have to enter credentials -- This differs from the instructions listed with the help documentation for setting up windows authentication.
First, when I followed the instructions exactly, users were still prompted for a username and password in order to access the site.
So, I did the following, I left the web.config file to continue with "forms" authentication. Specifically i changed the "<authentication mode='forms'>" tag to "<authentication>"
Then in IIS, on the security tag, I unchecked every option except for integrated windows security.
Then I insure that all my users had there site_ids set (users.login_name in the database).
Now when users access the site they are not presented with a login page or form requesting credentials, but rather go directly to TimeSheet entry. If a domain user doesn't have a reference in the users table then they are presented with a login page.
Can someone explain why my method works (integrated windows authentication, seamlessly as in SSO) and the steps in the help documentation don't give me this seamless experience? (or were they not intended to?)
Thanks, Robert Hi Robert, In the Help file, the authentication feature of OfficeClip suggests using Basic Authentication (even though it is little insecured) because it worked seamlessly in all browsers. When we tested it using the Integrated Windows Authentication in the Mozilla browser, it did not work seamlessly (see below) Some information on authentication is available here: https://support.microsoft.com/kb/324274/With Basic Authentication there should be a checkbox on the prompt to the save the user id and password, so it should not prompt again. For Mozilla browsers (like Firefox), normally with Integrated Windows Authentication you will get an additional prompt. This can however, be programmed in the browser: https://markmonica.com/2...-windows-authentication/However, please note that this has to be done by every user who is using that type of browser. Maybe this can be tackled by the help desk. Thanks for pointing this problem. We will look at it again and modify the help file. - Vijay
|
|
|
|
Rank: Newbie Groups: Registered
Posts: 4 Location: Atlanta, GA
|
The problem with using basic authentication is that though the user can opt to save their username password to not be prompted, the moment they alter their domain password, they will be reprompted. Using windows authentication they will absolutely never see a username/password box (assuming they are in IE and the site is considered local intranet/trusted). It provides true seamless, ie SSO, experience. We don't just want to configure OfficeClip to authenticate against our AD Domain, we want OfficeClip to pick up the users credentials automatically just like any other application so the user never has to worry about credentials --> using IE + Windows Auth works (so far) for us.
|
|
|
|
Rank: Administration Groups: Registered, Developer, Administrators Posts: 254 Location: Atlanta, GA
|
Another customer reported that you also need to check the group policy in the LAN for the browser authentication popup |
|
|
|
|
Forum Jump
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.
Important Information:
The OfficeClip Forums uses cookies. By continuing to browse this site, you are agreeing to our use of cookies.
More Details
Close