Authentication Type NTLM |
  
|
Authentication Type NTLM |
|
Using Authentication Type NTLM it is possible to use web server functionality for providing Single Sign On functionality, e.g. in Windows networks using Microsoft Internet Information Server (IIS) as well as Internet Explorer (IE) the user login check against the Microsoft Active Directory occurs automatically and implicitly. After login to the computer when starting the working day, the user will not need to Log In again to use WebOffice 10.4 SP2.
Recommended scenarios for this authentication type are:
•single sign on scenarios in e.g. homogenous Microsoft Windows networks.
Note: The authentication type NTLM does not use the WebOffice login dialog for authentication. Users and Passwords are managed in the WebOffice UM Repository. A general comparison of the common authentication methods in WebOffice 10.4 SP2 can be found in chapter Overview of authentication methods.
Authentication type NTLM configuration
Property |
Description |
Use domain? |
Specifies whether Authentication module takes the domain string into consideration (Yes) or not (No) when logging in (login (username) is e.g.: VIENNA\Novak or VIENNA/Novak): •Yes: VIENNA\Novak or VIENNA/Novak will be used •No: Novak will be used Note: If using domain string (Yes) then the user login names in User Management database must be saved with the domain strings included! |
Use user roles only? |
Use role based information from authentication system. No storage and maintenance of user objects in the User Management database is necessary then. |
Authentication type NTLM configuration
Note: You need to configure the user logins into the WebOffice usermanagement rights repository as well. The password specified will not be used by the application.
Apache Tomcat Configuration for NTLM
You need to change the Tomcat configuration in order to use NTLM with IIS, Tomcat redirector (ISAPI filter) and Tomcat:
Open the file C:\Tomcat\conf\server.xml with an XML or text editor. Check the value of the "tomcatAuthentication" property and set to "false" if necessary. Restart the Tomcat service if you had to change the file.
Set tomcatAuthentication="false" in the Server.xml
IIS Configuration for NTLM
If using Microsoft IIS and ISAPI redirector to use Port 80 for your WebOffice 10.4 SP2 web application, you have to enable the Windows authentication for the virtual directory jakarta and disable the Anonymous Authentication. Through this setting the user is authenticated to the web server by NTLM. If the IIS is inside the same domain as the client, the user credentials are automatically taken by it, which means that the user does not have to log on explicitly.
Authentication of Jakarta directory in MS IIS manager
Note: If all previous settings have been configured but NTLM authentication still does not work, please check if changing the order of the windows authentication providers might be the solution.
Changing the order of the windows authentication providers in IIS Manager
The administrator must ensure to set up a virtual directory mapping the configured WebOffice output URL to the physical path of the WebOffice output directory (C:\Tomcat\webapps\<WebOffice application>\output). It must be possible to access files in this virtual directory using anonymous http. Detailed information about the configuration of the WebOffice output URL can be found in chapter WebOffice.
Note: See also chapter Printing for understanding the interaction between WebOffice 10.4 SP2 Application Server and ArcGIS 10.4 for Server Server.
Add virtual directory in MS IIS manager
WebOffice output URL configuration