
We have multiple web sites that need to process DOMAIN authentication in Windows. There's only one server but multiple sites.

For example:
s1.domain.com
s2.domain.com
s3.domain.com

All of which want a single sign-on. Simple, except the login dialog only can appear once.

So we need a cross web site integrated authentication.

Any thoughts?

1 Answer


Integrated authentication will work as long as integrated authentication works.

IE is probably prompting because:

  • the target site name contains dots, and
  • the target site isn't in the Local Intranet Zone
  • and possibly that the target site is being proxied (due to #1 or resulting in #2 or because of WPAD etc)

Then there's the Kerberos issue - i.e. if you require Kerberos, you'll need SPNs configured for that domain name.

But fundamentally, IE should provide transparent logon with the logged-on user's credentials to any site it considers part of the Local Intranet zone, with default settings applied to it.

Note Trusted Sites sounds better, but it doesn't permit automatic logon by default. From memory.

TristanK
  • We'll try using IE. We've been using Chrome, Safari and Firefox. – James Barnett Sep 03 '11 at 04:05
  • Chrome and Firefox support integrated authentication. For Firefox you need to set network.automatic-ntlm-auth.trusted-uris and network.negotiate-auth.trusted-uris in about:config. Not sure if you need to configure Chrome. – David Roussel Jul 26 '12 at 09:53
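
A diagnostic sketch for the two causes named in the answer (zone membership and SPNs), added here as an example and not part of the original answer or comments. It assumes a domain-joined client with `setspn.exe` available, uses the question's placeholder host names, and reads only the per-user zone map, so mappings pushed by Group Policy are not shown.

```powershell
# Added example: host names are the question's placeholders.
$sites     = 's1.domain.com', 's2.domain.com', 's3.domain.com'
$mapRoot   = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local Intranet'; 2 = 'Trusted Sites'; 3 = 'Internet'; 4 = 'Restricted Sites' }

function Get-MappedZone {
    param([Parameter(Mandatory)][string]$HostName)
    # Assumption: the registrable domain is the last two labels
    # (true for domain.com, not for names under e.g. co.uk).
    $labels = $HostName.Split('.')
    if ($labels.Count -lt 2) { return $null }
    $domain = $labels[-2..-1] -join '.'
    $paths  = @("$mapRoot\$domain")                  # entry added as *.domain.com
    if ($labels.Count -gt 2) {
        $sub   = $labels[0..($labels.Count - 3)] -join '.'
        $paths = @("$mapRoot\$domain\$sub") + $paths # check the host-specific entry first
    }
    foreach ($path in $paths) {
        if (-not (Test-Path -LiteralPath $path)) { continue }
        $key = Get-Item -LiteralPath $path
        # Value names are schemes; the DWORD data is the zone number.
        foreach ($scheme in 'https', 'http', '*') {
            $zone = $key.GetValue($scheme)
            if ($null -ne $zone) { return [int]$zone }
        }
    }
    return $null   # no per-user mapping for this host
}

$report = foreach ($site in $sites) {
    $zone = Get-MappedZone -HostName $site
    [pscustomobject]@{
        Site     = $site
        Zone     = if ($null -eq $zone) { 'not mapped' } else { $zoneNames[$zone] }
        # Raw setspn output: shows which account, if any, holds the HTTP SPN.
        SpnQuery = (& setspn.exe -Q "HTTP/$site" 2>&1 | Out-String).Trim()
    }
}
$report | Format-List
```

A site reported as anything other than `Local Intranet`, or an SPN query that finds no account, points at the corresponding item in the answer.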