Single Sign On in an Active Directory Environment

With an LDAP directory, this feature allows a user to access the Open Bee™ Portal without entering their password as long as they are logged in to their Windows 7 session.

With an Azure AD directory, SSO only works if the user is already logged in to a website with their Microsoft Azure AD account in the same web browser.

This part is about SSO with an LDAP directory:

Prerequisites for an SSO login to Open Bee™ Portal

  • An “On Premise” Windows server is installed.
  • The server is part of an Active Directory domain.
  • The user is imported from the Active Directory LDAP.
  • Users are logged into the domain on their Windows workstation.
  • The user’s browser has been configured as described below.
  • SSO is enabled in the general configuration.

Configure browsers for SSO

Internet Explorer

Make sure that “Enable Windows Integrated Authentication” in Internet Explorer’s advanced options is checked.
Remember to add the URL to the list of trusted sites on the local intranet under the “Security” tab in the Internet Explorer options.

Firefox

Type “about:config” in the address bar and confirm.
Change the value of “network.negotiate-auth.delegation.uris” and add the domain name for which you want to enable automatic sending of information. If the domain name doesn’t work, enter the name of the server on the domain.

Note: It may also be necessary to change the value “network.automatic-ntlm-auth.trusted-uris” and add the string https://,http://.
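Added example (not part of the original page or of Open Bee's own tooling): a Python check that reads the text of a Firefox profile's prefs.js and reports, for the two preferences above, whether the portal host is covered and whether any entry is scheme-only (such as https://) and therefore not limited to one server. The host portal.corp.example, the sample preference text and the function names are constructed for illustration; the matching rule assumes Firefox's [scheme://][host][:port] entry syntax with parent-domain matching.

```python
import re

# The two Firefox preferences named in the Firefox section above.
SSO_PREFS = (
    "network.negotiate-auth.delegation.uris",
    "network.automatic-ntlm-auth.trusted-uris",
)
# Matches string prefs as written in prefs.js / user.js.
PREF_RE = re.compile(r'^\s*user_pref\(\s*"([^"]+)"\s*,\s*"([^"]*)"\s*\)\s*;', re.M)


def entry_host(entry):
    """Host part of a '[scheme://][host][:port]' entry; '' if scheme-only."""
    rest = entry.split("://", 1)[-1]
    return rest.split("/", 1)[0].split(":", 1)[0].lstrip(".").lower()


def audit_sso_prefs(prefs_text, portal_host):
    """Report, per preference, whether the portal is covered and what else is."""
    found = dict(PREF_RE.findall(prefs_text))
    portal = portal_host.lower()
    report = {}
    for pref in SSO_PREFS:
        entries = [e.strip() for e in found.get(pref, "").split(",") if e.strip()]
        scheme_only = [e for e in entries if not entry_host(e)]
        hosts = {entry_host(e) for e in entries} - {""}
        # An entry covers the portal if it is the host itself or a parent domain.
        matching = {h for h in hosts if portal == h or portal.endswith("." + h)}
        report[pref] = {
            "covers_portal": bool(matching or scheme_only),
            "scheme_only": scheme_only,  # entries not limited to any host
            "other_hosts": sorted(hosts - matching),  # hosts besides the portal
        }
    return report


# Constructed sample profile content; portal.corp.example is a placeholder host.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.negotiate-auth.delegation.uris", "corp.example,files.other.example");
user_pref("network.automatic-ntlm-auth.trusted-uris", "https:// ,http://");
'''

if __name__ == "__main__":
    for name, result in audit_sso_prefs(SAMPLE_PREFS, "portal.corp.example").items():
        print(name, result)
```

Entries reported under scheme_only or other_hosts are the ones to review when the intent is to send Windows credentials only to the portal.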

Chrome

http://www.specopssoft.com/configuring-chrome-and-firefox-for-windows-integrated-authentication/

There are two ways to set up Chrome:

Option 1: see paragraph “To modify the registry to configure Google Chrome”

Option 2: see paragraph “To use the command line to configure Google Chrome”

Common Problems

On Windows Vista or Windows 7:

  • The browser returns an Internal Server Error.
  • Add a value to the registry under: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
  • Add a new DWORD value.
  • Name it “LmCompatibilityLevel” and set it to “1”.