
How it works – Architecture

WebOffice SSO Architecture


 

Sequences:

 

1. User identification: The logged-on user is identified and checked by the LDAP server system. For this information to be used correctly, the browser must be able to supply the logon information (MS IE has this capability, and it is configurable).

 

IE Security settings


 

 

2. (If 1 is successful): The web server passes the user context (NTLM) via the redirection of the ISAPI Redirector. This context contains only the login information and no role memberships. WebOffice 10 R3 determines the user's role memberships by accessing the LDAP server.

 

3. (If 2 is successful): WebOffice 10 R3 interprets the passed information (user context and role membership) based on the application configuration. Role identifiers (role names) are compared to the role identifiers of the SynerGIS Rights-Repository (group names). If the string comparison succeeds, the role definition (rights and restrictions) is read from the Rights-Repository and applied. This way WebOffice 10 R3 can assign rights to a logged-on user without having any user information in the Rights-Repository.
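
Steps 2 and 3 as an added Python example (not WebOffice code): role memberships are looked up for the passed login, matched against repository group names, and the matching role definitions are merged. It assumes the role name is the CN of the LDAP group DN and that the comparison is exact and case-sensitive; all function names, groups and logins are constructed. Names that differ only by case or whitespace are reported separately, since such a user silently ends up with no rights.

```python
# Added illustration, not WebOffice code. Names and sample data are constructed.
import re

# Constructed Rights-Repository: group name -> role definition.
RIGHTS_REPOSITORY = {
    "GIS_Editors": {"rights": {"view", "edit"}, "restrictions": set()},
    "GIS_Viewers": {"rights": {"view"}, "restrictions": {"no_export"}},
}

# Constructed directory: login -> group DNs (stands in for the LDAP query).
SAMPLE_DIRECTORY = {
    "EXAMPLE\\alice": ["CN=GIS_Editors,OU=Groups,DC=example,DC=com",
                       "CN=Staff,OU=Groups,DC=example,DC=com"],
    "EXAMPLE\\bob": ["CN=gis_viewers,OU=Groups,DC=example,DC=com"],
}

def sample_lookup(login):
    return SAMPLE_DIRECTORY.get(login, [])

def group_cn(dn):
    """Return the leading CN value of a DN, honouring backslash-escaped characters."""
    m = re.match(r"\s*CN=((?:\\.|[^,\\])+)", dn, re.IGNORECASE)
    return re.sub(r"\\(.)", r"\1", m.group(1)) if m else None

def resolve_rights(login, ldap_lookup, repository):
    """Step 2: fetch role memberships. Step 3: match them against repository group names."""
    roles = [cn for cn in map(group_cn, ldap_lookup(login)) if cn]
    folded = {name.strip().casefold(): name for name in repository}
    matched, near_miss = [], []
    for role in roles:
        if role in repository:  # assumption: exact, case-sensitive string comparison
            matched.append(role)
        elif role.strip().casefold() in folded:
            # Differs only by case or surrounding whitespace: grants nothing, worth auditing.
            near_miss.append((role, folded[role.strip().casefold()]))
    rights, restrictions = set(), set()
    for role in matched:
        rights |= repository[role]["rights"]
        restrictions |= repository[role]["restrictions"]
    # No matched role leaves both sets empty: the user gets no rights by default.
    return {"roles": matched, "rights": rights,
            "restrictions": restrictions, "near_miss": near_miss}

if __name__ == "__main__":
    for login in ("EXAMPLE\\alice", "EXAMPLE\\bob", "EXAMPLE\\carol"):
        print(login, resolve_rights(login, sample_lookup, RIGHTS_REPOSITORY))
```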