VBrick Systems Server ETV v3.1 User Manual

Administration
ETV Portal Server Administrator Guide
Using Single Sign-On
If the LDAP server is Microsoft Active Directory, you can select Integrated Windows
Authentication to enable "single sign-on." This means that once you log in to your local
network with your assigned credentials, you can open ETV Portal Server without re-entering
your login credentials. ETV Portal Server uses your assigned credentials to authenticate and
authorize your defined permissions within the application. When configuring for Integrated
Windows Authentication, keep the following points in mind:
- Integrated Windows Authentication is only valid when using LDAP Authentication with
  Microsoft Active Directory. ETV Portal Server enforces this as a business rule.
- Integrated Windows Authentication only works seamlessly with Microsoft Internet
  Explorer browsers (Windows and Macintosh). When accessing ETV Portal Server, you
  will get a popup login window only if you have not previously logged in to the network.
- When using Integrated Windows Authentication, all single-sign-on users must have an
  Active Directory account and the Portal Server server must be part of the Windows
  domain.
- When using Integrated Windows Authentication, Microsoft Internet Explorer's default
  behavior is that it will not prompt for an ID/password when the server is in the
  Local Intranet Zone. (By default, Internet Explorer assumes a URL without a period (.)
  is in the Local Intranet Zone. This means http://yourserver/ is in the Local Intranet
  Zone while http://yourserver.yourcompany.com (or http://199.88.7.11) is in the
  Internet Zone.)
To use single-sign-on (and avoid username/password prompts), you must do one of the
following:
- Access the Portal Server server by the alphanumeric name (for example
  http://yourserver/).
- Access the Portal Server server by the IP address, in which case you must also:
  - Add the Portal Server server to the Local Intranet Zone (Internet Options >
    Security > Sites). This setting can be pushed company-wide by an administrator
    using security policies.
  - Change Internet Explorer's default settings to allow Automatic Logon for
    non-Intranet zones (Internet Options > Security Tab > Customize Level > User
    Authentication).
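Adding the Portal Server server to the Local Intranet Zone, as described above, shown as an added PowerShell example that is not from the VBrick manual: it writes the per-user Internet Explorer zone mapping to the registry and then reports the logon setting of the Local Intranet and Internet zones. The host name and IP address are the manual's placeholders, and the function names are made up for this example.

```powershell
# Added example, not from the VBrick manual. Writes per-user (HKCU) settings only.
$Base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'

function Add-IntranetHost {
    # Maps <Scheme>://<HostLabel>.<Domain>/ to zone 1 (Local Intranet).
    param([string]$Domain, [string]$HostLabel, [string]$Scheme = 'http')
    $key = "$Base\ZoneMap\Domains\$Domain\$HostLabel"
    # Create the key only if missing, so values already stored under it are kept.
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    New-ItemProperty -Path $key -Name $Scheme -Value 1 -PropertyType DWord -Force | Out-Null
}

function Add-IntranetAddress {
    # IP addresses live under ZoneMap\Ranges\RangeN with a ':Range' string value.
    param([string]$Address, [string]$Scheme = 'http')
    $n = 1
    while (Test-Path "$Base\ZoneMap\Ranges\Range$n") { $n++ }   # next unused slot
    $key = "$Base\ZoneMap\Ranges\Range$n"
    New-Item -Path $key -Force | Out-Null
    New-ItemProperty -Path $key -Name ':Range' -Value $Address -PropertyType String -Force | Out-Null
    New-ItemProperty -Path $key -Name $Scheme -Value 1 -PropertyType DWord -Force | Out-Null
}

function Get-ZoneLogonPolicy {
    # URL action 1A00 is the "User Authentication > Logon" setting of a zone.
    param([int]$Zone)
    $names = @{
        0x00000 = 'Automatic logon with current user name and password'
        0x10000 = 'Prompt for user name and password'
        0x20000 = 'Automatic logon only in Intranet zone'
        0x30000 = 'Anonymous logon'
    }
    $item = Get-ItemProperty -Path "$Base\Zones\$Zone" -Name '1A00' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'not set for this user' }
    $names[[int]$item.'1A00']
}

# Placeholders taken from the manual's own examples.
Add-IntranetHost    -Domain 'yourcompany.com' -HostLabel 'yourserver'
Add-IntranetAddress -Address '199.88.7.11'

# Zone 1 = Local Intranet, zone 3 = Internet. If zone 3 reports automatic logon with the
# current user name and password, Internet Explorer answers authentication challenges
# from every Internet-zone site, not only from the Portal Server server.
1, 3 | ForEach-Object { 'Zone {0}: {1}' -f $_, (Get-ZoneLogonPolicy -Zone $_) }
```

Mapping the one server into the Local Intranet Zone keeps the Internet zone at its default logon setting, which is why it is the narrower of the two changes the manual lists.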
Note
The Softerra LDAP Browser 2.6 provides an Explorer-like LDAP client you can use 
to browse the LDAP tree. It is available for Windows only and can be downloaded 
free of charge from Softerra at http://www.ldapbrowser.com
Note
If using an LDAP directory other than Microsoft's Active Directory, VBrick 
strongly recommends using SSL to encrypt the communication between the Portal 
Server server and the LDAP directory. Please consult your LDAP vendor 
documentation for instructions on how to configure SSL.