Authentication Type NTLM |
  
|
Authentication Type NTLM |
|
Using Authentication type NTLM it is possible to use web server functionality for providing Single Sign On functionality, e.g. in Windows networks using Microsoft Internet Information Server (IIS) as well as Internet Explorer (IE) the User Login check against the Microsoft Active Directory occurs automatically and implicitly. After Login to the computer when starting the working day, the user will not need to Log In again to use WebOffice 10 R3.
Recommended scenarios for this Authentication type are:
•Single Sign On scenarios in e.g. homogenous Microsoft Windows networks.
Authentication type NTLM configuration
Property |
Description |
Use domain? |
Specifies whether Authentication module takes the domain string into consideration (Yes) or not (No) when logging in (login (username) is e.g.: WIEN\Novak or WIEN/Novak): •Yes: WIEN\Novak or WIEN/Novak will be used •No: Novak will be used Note: If using domain string (Yes) then the user login names in User Management database must be saved with the domain strings included! |
Use user roles only? |
Use role based information from authentication system. No storage and maintenance of user objects in the User Management database is necessary then. |
Authentication type NTLM configuration
Note that you need to configure the User Logins into the SynerGIS rights repository as well. The password specified will not be used by the application.
Note that you need to change the Tomcat configuration in order to use NTLM with IIS, Tomcat Redirector (ISAPI filter) and Tomcat:
Open the file <Tomcat installation directory\conf\server.xml with an XML or text editor. Check the value of the ‘tomcatAuthentication’ property.
E.g. a valid configuration entry would be:
<Service name="Catalina">
<Connector connectionTimeout="20000" port="8080" redirectPort="8443"
disableUploadTimeout="true" acceptCount="100" maxThreads="150" minSpareThreads="25"
maxSpareThreads="75">
</Connector>
<Connector port="8009" redirectPort="8443"
protocolHandlerClassName="org.apache.jk.server.JkCoyoteHandler" protocol="AJP/1.3"
tomcatAuthentication="false">
</Connector>
Note: If using Microsoft IIS and ISAPI Redirector to use Port 80 for your WebOffice 10 R3 web application, you have to enable the Windows Authentication for the virtual directory Jakarta and disable the Anonymous Authentication. Through this setting the user is authenticated to the web server by NTLM. If the IIS is inside the same domain as the client, the user credentials are automatically taken by it, which means that the user does not have to log on explicitly.
Authentication of Jakarta directory in MS IIS Manager
Note: If all previous settings have been configured but NTLM authentication still does not work, please check if changing the order of the windows authentication providers might be the solution.
Changing the order of the windows authentication providers in IIS Manager
Note: The Admin must ensure to set up a virtual directory mapping the configured WebOffice output URL to the physical path of the WebOffice output directory (<WebOffice Application file path>\output). It must be possible to access files in this virtual directory using anonymous http. Detailed information about the configuration of the WebOffice output URL can be found in chapter WebOffice.
Note: For details on how printing and output generation works, see chapter Printing and how Print Output Generation works.
Add Virtual Directory in MS IIS Manager
WebOffice output URL configuration in application configuration