Enabling Bizview Single Sign-On
To enable single sign-on, a few settings need to be in place:
- The IIS website Bizview needs to have Windows Authentication enabled. This is done in the MSI installation (no manual step required).
- The Application Setting Active Directory in Bizview needs to be set to the LAN Domain Controller IP Adress. Syntax as: LDAP://<ip-address>
- All users who are supposed to take advantage of the Single-Sign-On feature need to have their application Domain name set to exactly the same as their Windows account name. Depending on the AD lookup this might be Case Sensitive. Leave Password blank. To ensure that the correct credentials are given, browse to http://<servernam>/bizview/sso/whoami.aspx
- Single Sign-On (SSO) address. To use the SSO feature, the URL for Bizview application is http://<servername>/<appname>/sso
- Active Directory.
- Start Active Directory Users and Computers.
- In the left pane, click Computers.
- In the right pane, right-click the name of the IIS server, and then click Properties.
- Click the General tab, click to select the Trust computer for delegation check box. Then, click OK.
- Quit Active Directory Users and Computers.
The Anonymous Authentication should be disabled for the Bizview website catalog SSO:
The MSI package does this automatically:
Command utility (32-bit):
"C:\WINDOWS\Sysstem32\inetsrv\appcmd.exe" set config "Default Web Site/bizview/SSO" -section:anonymousAuthentication /enabled:"False" /commit:apphost
Command utility (64-bit):
"C:\WINDOWS\SysWOW64\inetsrv\appcmd.exe" set config "Default Web Site/bizview/SSO" -section:anonymousAuthentication /enabled:"False" /commit:apphost
Configure trust for delegation for Web parts To configure the IIS server to be trusted for delegation, follow these steps: