Filter
Top Products
Server Administration
ETV Portal Server Admin Guide 93
Using LDAP with Single Sign-On
To use single sign-on, go to Access Control and then check Enable Authentication and
Authorization
and Use LDAP Database. If the LDAP server is Microsoft Active Directory, you
can select
Use Integrated Windows Authentication to enable "MCS Single Sign-on." This
means that once you login to your local network with your assigned credentials, you can open
ETV Portal Server without re-entering your login credentials. ETV Portal Server uses your
assigned credentials to authenticate and authorize your defined permissions within the
application. (If using an LDAP directory other than Microsoft's Active Directory, VBrick
strongly recommends using SSL to encrypt the communication between the Portal Server
server and the LDAP directory. Please consult your LDAP vendor documentation for
instructions on how to configure SSL.) When configuring for Integrated Windows
Authentication, keep the following points in mind:
• Integrated Windows Authentication is only valid when using LDAP Authentication with
Microsoft Active Directory.
• You must perform an additional configuration step in IIS as explained below in
Configuring IIS for Single Sign-On
.
• Integrated Windows Authentication only works seamlessly with Microsoft Internet
Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you
will get a popup login window only if you have not previously logged in to the network.
• When using Integrated Windows Authentication, all single-sign-on users must have an
Active Directory account and the Portal Server must be part of the Windows domain.
• When using Integrated Windows Authentication, Microsoft Internet Explorer's default
behavior is that it will not prompt for an ID/password when the server is in the
Local
Intranet Zone
. (By default, Internet Explorer assumes a URL without a period (.). This
means
http://yourserver/ is in the Local Intranet Zone while http://
yourserver.yourcompany.com
(or http://199.88.7.11)) is in the Internet Zone.
Configuring IIS for Single Sign-On
Use the following steps to configure IIS for single sign-on. If you do not perform these steps, the
login page will likely be blank when you launch the Portal Server.
T To configure IIS for single sign-on
1. Go to
Start > Administrative Tools > Computer Management.
2. Expand
Services and Applications and expand Internet Information Services (IIS)
Manager
.
3. Expand
Web Sites and then right-click on Default Web Site and select Properties.
Note The Softerra LDAP Browser 2.6 provides an Explorer-like LDAP client you can use to
browse the LDAP tree. It is available for Windows only and can be downloaded free of
charge from Softerra at http://www.ldapbrowser.com
Note If single sign-on is enabled on multiple LDAP servers, when a user signs on for the
first time, the system validates the login credentials against all servers configured for
single sign-on. If you are validated by at least one server, you are automatically logged
in. In most cases when single sign-on is enabled, the user will not be prompted for a
Domain name at login.