Authentication Type NTLM
Using Authentication Type NTLM it is possible to use web server functionality for providing Single Sign On functionality, e.g. in Windows networks using Microsoft Internet Information Server (IIS) as well as Internet Explorer (IE) the user login check against the Microsoft Active Directory occurs automatically and implicitly. After login to the computer when starting the working day, the user will not need to Log In again to use WebOffice 10.9 R4.
Recommended scenarios for this authentication type are:
•single sign on scenarios in e.g. homogenous Microsoft Windows networks.
The authentication type NTLM does not use the WebOffice login dialog for authentication. Users and Passwords are managed in the WebOffice UM Repository. |
A general comparison of the common authentication methods in WebOffice 10.9 R4 can be found in chapter Overview of authentication methods. |
Authentication type NTLM configuration
Property |
Description |
||
---|---|---|---|
Use domain? |
Specifies whether Authentication module takes the domain string into consideration (true) or not (false) when logging in (login (username) is e.g.: VIENNA\Novak or VIENNA/Novak): •true: VIENNA\Novak or VIENNA/Novak will be used •false: Novak will be used
|
||
Use user roles only? |
Use role based information from authentication system. No storage and maintenance of user objects in the user management database is necessary then. |
||
The authentication type user management will be activated (true) as a fallback if the NTLM Login will fail or won't be activated as a fallback (false).
|
Authentication type NTLM configuration
You need to configure the user logins into the WebOffice usermanagement rights repository as well. The password specified will not be used by the application. |
Apache Tomcat Configuration for NTLM
You need to change the Tomcat configuration in order to use NTLM with IIS, Tomcat redirector (ISAPI filter) and Tomcat:
Open the file C:\Tomcat\conf\server.xml with an XML or text editor. Check the value of the tomcatAuthentication property and set to false if necessary. Restart the Tomcat service if you had to change the file.
Set tomcatAuthentication="false" in the Server.xml
IIS Configuration for NTLM
If using Microsoft IIS and ISAPI redirector to use Port 80 for your WebOffice 10.9 R4 web application, you have to enable the Windows authentication for the virtual directory Jakarta and disable the Anonymous Authentication. Through this setting the user is authenticated to the web server by NTLM. If the IIS is inside the same domain as the client, the user credentials are automatically taken by it, which means that the user does not have to log on explicitly.
Authentication of Jakarta directory in MS IIS manager
If all previous settings have been configured but NTLM authentication still does not work, please check if changing the order of the windows authentication providers might be the solution. |
Changing the order of the windows authentication providers in IIS Manager
The administrator must ensure to set up a virtual directory mapping the configured WebOffice output URL to the physical path of the WebOffice output directory (C:\Tomcat\webapps\<WebOffice application>\output). It must be possible to access files in this virtual directory using anonymous http. Detailed information about the configuration of the WebOffice output URL can be found in chapter WebOffice.
See also chapter Printing for understanding the interaction between WebOffice 10.9 R4 Application Server and ArcGIS Server Server. |
Add virtual directory in MS IIS manager
WebOffice output URL configuration