Ektron Reference
Because AD usernames and passwords are stored by domain, the AD sign-on procedure requires the user to select a domain. When AD integration is enabled, the sign-on screen includes a domain drop-down list. For more information about logging in, see Logging In and Out.
The Single Sign On feature retrieves a user’s login information from Active Directory to authenticate access to the CMS. The user does not need to enter a password. After clicking Login, he is immediately logged in.
Single Sign On uses a variable called User.Identity.Name. This maintains the user's account and domain in Active Directory, and has the format [domain]\[username]. For example, EKTRON1\ssmith. The variable's value is set when a user authenticates against a Windows server.
When a user clicks the Login server control, if the variable passes successfully and Active Directory is enabled, the server control opens the autologin.aspx page. Next, the opening window refreshes just like a normal login, except the user is not prompted for a username, password, and domain.
However, if the user's computer is not on a domain, not on the same domain as the CMS, or does not include the CMS server as a trusted site, the following login screen appears.
If Active Directory is not enabled, the normal login.aspx page appears.
Single Sign On uses the autologin.aspx file in the workarea/SSO directory. Once set up, user authentication is enabled from any domain that this server can reach. For example, if the CMS is located in a third level domain, users from third, second, and first level domains can authenticate.
See Also: Enabling NTLM Authentication (Automatic logon) (http://dev.ektron.com/kb_article.aspx?id=22100).
Use the setup instructions that correspond to the IIS version running on your server:
After completing these procedures, enable Active Directory within the CMS (if it isn’t already enabled). See Also: Setup Methods
Ektron recommends enabling the automatic addition of users and groups. See Also: Setting Up Active Directory
Setting up Single Sign On with IIS 6 involves modifying the Web.config file, editing security settings, and adjusting settings for the Login server control.
Web.config file.
<add key="ek_AUTH_Protocol" value="LDAP" />
<authentication mode="Windows" />
<identity impersonate="false" userName="" password=""/>
autologin.aspx and select Properties.
autologin.aspx passes credentials from the logged-in user's desktop.
In Visual Studio.NET, open the Login server control and set the AutoLogin property to True. See Also: Login Server Control
Setting up Single Sign On with IIS 7 or IIS 7.5 involves modifying the Web.config file and editing security settings.
site root/Web.config.
<add key="ek_AUTH_Protocol" value="LDAP" />
<authentication mode="Windows" />
<identity impersonate="false" userName="" password=""/>
<modules>
<!--add name="MyDigestAuthenticationModule" type="Ektron.ASM.EkHttpDavHandler.Security.DigestAuthenticationModule,Ektron.ASM.EkHttpDavHandler" /-->
<add name="ScriptModule" type="System.Web.Handlers.ScriptModule, System.Web.Extensions, Version=1.0.61025.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" preCondition="integratedMode" />
<add name="EkUrlAliasModule" type="UrlAliasingModule" preCondition="integratedMode" />
</modules>
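The following check is an added example, not part of the Ektron documentation or product: it audits a Web.config for the settings listed above for both IIS procedures. The function name audit_sso_config is hypothetical, and the placement of the elements under appSettings, system.web, and system.webServer is the standard ASP.NET layout, assumed here because the page shows only the elements themselves.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the page's settings placed in the standard ASP.NET
# sections (an assumption; the page lists the elements without their parents).
SAMPLE_WEB_CONFIG = """<configuration>
  <appSettings>
    <add key="ek_AUTH_Protocol" value="LDAP" />
  </appSettings>
  <system.web>
    <authentication mode="Windows" />
    <identity impersonate="false" userName="" password="" />
  </system.web>
  <system.webServer>
    <modules>
      <!--add name="MyDigestAuthenticationModule" type="Ektron.ASM.EkHttpDavHandler.Security.DigestAuthenticationModule,Ektron.ASM.EkHttpDavHandler" /-->
      <add name="EkUrlAliasModule" type="UrlAliasingModule" preCondition="integratedMode" />
    </modules>
  </system.webServer>
</configuration>"""


def audit_sso_config(xml_text):
    """Return a list of findings; an empty list means the file matches the page."""
    root = ET.fromstring(xml_text)
    findings = []
    proto = root.find("./appSettings/add[@key='ek_AUTH_Protocol']")
    if proto is None or proto.get("value") != "LDAP":
        findings.append("ek_AUTH_Protocol is not LDAP")
    auth = root.find("./system.web/authentication")
    if auth is None or auth.get("mode") != "Windows":
        findings.append("authentication mode is not Windows")
    ident = root.find("./system.web/identity")
    if ident is None or ident.get("impersonate", "").lower() != "false":
        findings.append("identity impersonate is not false")
    elif ident.get("password"):
        findings.append("identity element carries a stored password")
    # ElementTree drops comments, so the commented-out module in the page's
    # listing is not matched; only an active <add> element is reported.
    digest = "./system.webServer/modules/add[@name='MyDigestAuthenticationModule']"
    if root.find(digest) is not None:
        findings.append("MyDigestAuthenticationModule is active")
    return findings


if __name__ == "__main__":
    for line in audit_sso_config(SAMPLE_WEB_CONFIG) or ["OK"]:
        print(line)
```

To check a real site, pass the contents of the site root Web.config to audit_sso_config in place of the constructed sample.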
autologin.aspx passes credentials from the logged-in user's desktop.
Ektron Version 8.5, Doc. Rev. 2.0 (Dec. 2011)
Ektron Documentation, © 2011 Ektron, Inc.