VBrick Systems V4.4.3 manual Use Ldap with Single Sign-On

Models: V4.4.3

Server Administration
Ind. Group Identifier
The group attribute that uniquely identifies a group. MCS matches the values returned for this attribute against the group names entered on the User Groups page.

Group Base DN
Base distinguished name (DN) of the node under which MCS searches for group entries.
† ETV Portal Server required field. All others are optional.
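The two fields above together decide which directory groups a user's portal permissions come from. The following Python is an added illustration, not VBrick's code and not how MCS is known to be implemented internally: it walks constructed LDAP search results, keeps only entries that sit under the assumed Group Base DN (comparing DNs RDN by RDN, so case, spacing and escaped commas do not cause mismatches), and matches the assumed identifier attribute's values against an assumed set of User Groups page names. Every DN, attribute name, group name and search result in it is constructed for the example.

```python
"""Added example, not VBrick's code: resolve a user's portal groups from
"Group Base DN" and "Ind. Group Identifier" the way the table describes.
All DNs, attribute names, group names and search results are constructed."""

GROUP_BASE_DN = "OU=Groups,DC=example,DC=com"                # assumed Group Base DN
GROUP_ID_ATTR = "cn"                                          # assumed Ind. Group Identifier
PORTAL_GROUPS = {"Marketing", "Engineering", "Sales, EMEA"}   # assumed User Groups page entries

# Constructed LDAP search results: (entry DN, attributes as the server returns them).
SEARCH_RESULTS = [
    ("CN=Marketing,OU=Groups,DC=example,DC=com", {"cn": ["Marketing"]}),
    ("cn=engineering, ou=groups, dc=example, dc=com", {"cn": ["Engineering"]}),   # odd case/spacing
    ("CN=Sales\\, EMEA,OU=Groups,DC=example,DC=com", {"cn": ["Sales, EMEA"]}),   # escaped comma in RDN
    ("CN=Marketing,OU=Stale Groups,DC=example,DC=com", {"cn": ["Marketing"]}),   # outside the base DN
    ("CN=Domain Admins,CN=Users,DC=example,DC=com", {"cn": ["Domain Admins"]}),  # outside, not a portal group
]


def split_dn(dn):
    """Split a DN into its RDN strings, honouring backslash-escaped commas
    (RFC 4514).  A plain dn.split(",") would cut "Sales\\, EMEA" in two."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])      # keep the escape pair intact
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf))
    return rdns


def normalize_rdn(rdn):
    """Canonical form for comparison: attribute type lower-cased, surrounding
    whitespace dropped, value case-folded (cn/ou/dc values are matched
    case-insensitively by Active Directory)."""
    attr_type, _, value = rdn.partition("=")
    return attr_type.strip().lower() + "=" + value.strip().lower()


def is_under_base(entry_dn, base_dn):
    """True if entry_dn is at or below base_dn.  Compare RDN by RDN rather
    than by raw string suffix, so case and spacing differences do not matter
    and a comparison never straddles an RDN boundary."""
    entry = [normalize_rdn(r) for r in split_dn(entry_dn)]
    base = [normalize_rdn(r) for r in split_dn(base_dn)]
    return len(entry) >= len(base) and entry[-len(base):] == base


def resolve_portal_groups(results, base_dn=GROUP_BASE_DN,
                          id_attr=GROUP_ID_ATTR, portal_groups=PORTAL_GROUPS):
    """Return the portal group names found in the results.  Entries outside
    the Group Base DN are ignored even when their identifier value matches,
    so a stale or attacker-created group elsewhere in the tree confers nothing."""
    matched = set()
    for dn, attrs in results:
        if not is_under_base(dn, base_dn):
            continue
        for value in attrs.get(id_attr, []):
            # Exact comparison; the guide does not say whether MCS ignores case.
            if value in portal_groups:
                matched.add(value)
    return matched


if __name__ == "__main__":
    print(sorted(resolve_portal_groups(SEARCH_RESULTS)))
```

The check a practitioner wants from this is the negative case: a group named Marketing that lives outside the configured Group Base DN must not grant Marketing's portal permissions, which is why the base-DN test runs before the identifier comparison.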

Note The Softerra LDAP Browser 2.6 provides an Explorer-like LDAP client you can use to browse the LDAP tree. It is available for Windows only and can be downloaded free of charge from Softerra at http://www.ldapbrowser.com

Use LDAP with Single Sign-On

To use single sign-on, go to Access Control and check Enable Authentication and Authorization and Use LDAP Database. If the LDAP server is Microsoft Active Directory, you can also select Use Integrated Windows Authentication to enable "MCS Single Sign-on." Once you have logged in to your local network with your assigned credentials, you can open ETV Portal Server without re-entering them; ETV Portal Server uses those credentials to authenticate you and to authorize the permissions defined for you within the application. (If you use an LDAP directory other than Microsoft Active Directory, VBrick strongly recommends SSL to encrypt the communication between the Portal Server and the LDAP directory; without it, the credentials sent in a simple LDAP bind cross the network in cleartext. Consult your LDAP vendor's documentation for instructions on configuring SSL.) When configuring Integrated Windows Authentication, keep the following points in mind:

Integrated Windows Authentication is only valid when using LDAP Authentication with Microsoft Active Directory.

You must perform an additional configuration step in IIS as explained below in Configuring IIS for Single Sign-On (Windows Server 2003) or Configuring IIS for Single Sign-On (Windows Server 2008).

Integrated Windows Authentication only works seamlessly with Microsoft Internet Explorer (Windows and Macintosh). When you access ETV Portal Server, you get a popup login window only if you have not previously logged in to the network.

When using Integrated Windows Authentication, all single-sign-on users must have an Active Directory account and the Portal Server must be part of the Windows domain.

When using Integrated Windows Authentication, Internet Explorer's default behavior is not to prompt for an ID/password when the server is in the Local Intranet Zone. (By default, Internet Explorer places a URL whose host name contains no period (.) in the Local Intranet Zone. This means http://yourserver/ is in the Local Intranet Zone, while http://yourserver.yourcompany.com (or http://199.88.7.11) is in the Internet Zone, where the browser prompts for credentials instead of sending them automatically.)
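To see which of the addresses users actually type will get silent single sign-on and which will produce the login popup, the dotless-host rule above can be applied mechanically. The Python below is an added example, not part of the VBrick guide; it models only the default "no period in the host name" rule the guide states, not sites an administrator has added to a zone by hand, and the URLs it checks are constructed for illustration.

```python
"""Added example, not from the VBrick guide: apply Internet Explorer's
default dotless-host rule to candidate Portal Server URLs and predict
whether Integrated Windows Authentication will be silent or will prompt."""
from urllib.parse import urlsplit

LOCAL_INTRANET = "Local Intranet Zone"
INTERNET = "Internet Zone"


def ie_default_zone(url):
    """Zone IE assigns by default: a host name with no period (.) is Local
    Intranet; a dotted name (FQDN) or an IPv4 literal is Internet.
    Scheme, port, userinfo and path play no part in the rule."""
    host = urlsplit(url).hostname
    if not host:
        raise ValueError("URL has no host: %r" % (url,))
    return LOCAL_INTRANET if "." not in host else INTERNET


def sso_expectation(url):
    """(zone, user-visible behaviour) for a URL: credentials are sent
    automatically only in the Local Intranet Zone; elsewhere IE prompts."""
    zone = ie_default_zone(url)
    return zone, ("no prompt" if zone == LOCAL_INTRANET else "login prompt")


# Constructed URLs a user might enter for the same Portal Server.
CANDIDATE_URLS = (
    "http://yourserver/",
    "http://yourserver:8080/ETV",
    "http://yourserver.yourcompany.com",
    "http://199.88.7.11",
)

if __name__ == "__main__":
    for u in CANDIDATE_URLS:
        print(u, "->", sso_expectation(u))
```

The practical consequence is that a bookmark or link using the server's fully qualified name defeats seamless sign-on unless that name is added to the Local Intranet Zone on the client; the same rule also means any dotless host on the network is trusted to receive the user's Windows credentials automatically.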

Note If single sign-on is enabled on multiple LDAP servers, the first time a user signs on the system validates the login credentials against all servers configured for single sign-on. If at least one server validates you, you are automatically logged in, so access is only as strict as the least strictly configured of those servers. In most cases when single sign-on is enabled, the user is not prompted for a Domain name at login.

ETV Portal Server Admin Guide    95