Because AD usernames and passwords are stored by domain, the AD sign-on procedure requires the user to select a domain. When AD integration is enabled, the sign-on screen includes a domain drop-down list. For more information about logging in, see Logging In and Out.
The Single Sign On feature retrieves a user’s login information from Active Directory to authenticate access to Ektron. The user does not need to enter a password. After clicking Login, he is immediately logged in.
Single Sign On uses a variable called User.Identity.Name. This maintains the user's account and domain in Active Directory, and has the format [domain]\[username]. For example, EKTRON1\ssmith. The variable's value is set when a user authenticates against a Windows server.
When a user clicks the Login server control, if the variable passes successfully and Active Directory is enabled, the server control opens the autologin.aspx page. Next, the opening window refreshes just like a normal login, except the user is not prompted for a username, password, and domain.
However, if the user’s computer is not on a domain, not on the same domain as Ektron, or does not include the Ektron server as a trusted site, the following login screen appears.
If Active Directory is not enabled, the normal login.aspx page appears.
Single Sign On uses the autologin.aspx file in the workarea/SSO directory. When set up, user authentication is enabled from any domain that this server can reach. For example, if Ektron is located in a third level domain, users from third, second, and first level domains can authenticate.
See Also: Enabling NTLM Authentication (Automatic logon) (http://dev.ektron.com/kb_article.aspx?id=22100).
Use the setup instructions that correspond to the IIS version running on your server:
After completing these procedures, enable Active Directory within Ektron (if it isn’t already enabled). See Also: Setting Up Active Directory
You should enable the automatic addition of users and groups. See Also: Setting Up Active Directory
Setting up Single Sign On with IIS 6 involves modifying the web.config file, editing security settings, and adjusting settings for the Login server control.
Web.config file.
ek_AUTH_protocol element.
<add key="ek_AUTH_Protocol" value="LDAP" />
authentication element.
authentication mode to Windows.
impersonate to False. It should look like this:
<authentication mode="Windows" />
<identity impersonate="false" userName="" password=""/>
autologin.aspx and select Properties.
autologin.aspx passes credentials from the logged-in user's desktop.
In Visual Studio.NET, open the Login server control and set the AutoLogin property to True. See Also: Login Server Control
Setting up Single Sign On with IIS 7 or IIS 7.5 involves modifying the web.config file and editing security settings.
site root/Web.config.
ek_AUTH_protocol element and change its value to LDAP:
<add key="ek_AUTH_Protocol" value="LDAP" />
authentication element and change the value of authentication mode to Windows.
impersonate to False:
<authentication mode="Windows" />
<identity impersonate="false" userName="" password=""/>
<modules>
  <!--add name="MyDigestAuthenticationModule" type="Ektron.ASM.EkHttpDavHandler.Security.DigestAuthenticationModule, Ektron.ASM.EkHttpDavHandler" /-->
  <add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="integratedMode" />
  <add name="EkUrlAliasModule" type="UrlAliasingModule" preCondition="integratedMode" />
</modules>
If the status of Windows Authentication is Not Installed, click Add Role Services.
autologin.aspx passes credentials from the logged-in user's desktop.
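The three web.config values that both procedures above set can be checked with a short script before Single Sign On is tested. The following Python is an added example, not part of the Ektron documentation or product; the function name audit_sso_config and the sample file are constructed for illustration, and it assumes the authentication and identity elements sit directly under system.web, as in a standard ASP.NET web.config.

```python
import xml.etree.ElementTree as ET

# Constructed sample: one setting (authentication mode) left at a non-SSO value.
SAMPLE_WEB_CONFIG = """<?xml version="1.0"?>
<configuration>
  <appSettings>
    <add key="ek_AUTH_Protocol" value="LDAP" />
  </appSettings>
  <system.web>
    <authentication mode="Forms" />
    <identity impersonate="false" userName="" password="" />
  </system.web>
</configuration>"""


def _local(tag):
    """Drop an XML namespace so a <configuration xmlns=...> file still matches."""
    return tag.rsplit("}", 1)[-1]


def audit_sso_config(xml_text):
    """Return a list of findings; an empty list means all three settings match."""
    elems = list(ET.fromstring(xml_text).iter())
    findings = []

    # <add key="ek_AUTH_Protocol" value="LDAP" />; key compared case-insensitively
    # because the page spells it both ek_AUTH_protocol and ek_AUTH_Protocol.
    proto = [e.get("value", "") for e in elems if _local(e.tag) == "add"
             and e.get("key", "").lower() == "ek_auth_protocol"]
    if not proto:
        findings.append("ek_AUTH_Protocol: key not found")
    elif proto[-1].upper() != "LDAP":
        findings.append(f"ek_AUTH_Protocol: expected LDAP, found {proto[-1]!r}")

    # Assumption: authentication and identity are direct children of system.web.
    sysweb = [c for e in elems if _local(e.tag) == "system.web" for c in e]
    for tag, attr, want in (("authentication", "mode", "Windows"),
                            ("identity", "impersonate", "false")):
        hits = [c for c in sysweb if _local(c.tag) == tag]
        if not hits:
            findings.append(f"{tag}: element not found")
        elif hits[0].get(attr, "").lower() != want.lower():
            findings.append(f"{tag} {attr}: expected {want}, found {hits[0].get(attr)!r}")
    return findings


if __name__ == "__main__":
    for line in audit_sso_config(SAMPLE_WEB_CONFIG) or ["all SSO settings match"]:
        print(line)
```

An empty result only confirms the file contents; the IIS security settings on autologin.aspx are configured separately and are not covered by this check.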